2. Community Hospital of San Bernardino also failed to prevent one employee from unauthorized access of three patients' medical information. "The facility failed to maintain patient privacy of information by not advising three patients of a visitor's presence during collection of registration information. This failure had the potential for unauthorized persons to use the disclosed information in a way not authorized by the patients, such as identity theft or other unauthorized uses," according to state documents. The hospital reported the incident to state officials.
Officials for Community Hospital of San Bernardino released a statement in response to the fines.
3. Ronald Reagan UCLA Medical Center was fined $95,000 after the facility self-reported an incident in which two employees breached the medical records of a deceased patient that press reports linked to Michael Jackson.
In that case, a state document said two employees, one with "School of Medicine Department of Medicine" and another with the "Department of Pathology and Medical Support Services inappropriately accessed Protected Health Information of a deceased patient."
The document said, "both employees were placed on investigatory leave and Human Resources was processing employment termination."
The facility also reported additional breaches by two contract employees who "admitted inappropriate access, they were curious."
UCLA stated that in the last three years it "has made a determined effort to train and test its employees on patient privacy laws and implemented a wide range of safeguards to ensure patient confidentiality. Our vigilant monitoring detected these breaches, which we self-reported to the California Department of Public Health. The individuals involved were dismissed."
4. Enloe Medical Center in Chico received a $130,000 fine, which documents say resulted when the hospital failed to prevent one employee and six employees of local physician's practices from accessing one patient's medical records. The violation involved one employee giving unauthorized access to the other employees.
However, Enloe officials say they will challenge the fine, which it self-reported. "Enloe immediately began to mitigate the breach upon discovery, and continues to monitor and safeguard patient privacy," the hospital said in a statement. "Enloe also provides code of conduct training during new employee orientation and as part of annual competency modules. These safeguards were taken at each location of the breach, however access was misused."
"Enloe Medical Center goes above and beyond the requirements of the law to protect patient privacy, which is the reason we were able to detect the breach," said Mike Wiltermood, Enloe's chief executive officer. "From our perspective, Enloe Medical Center's early detection of the patient information breach, along with our long-standing safeguards and privacy processes, were not taken into consideration as the law clearly allows when CDPH chose to apply the $130,000 administrative penalty," Wiltermood said.