Hospital Fined $250,000 For Late Reporting of Data Breach
"Based on interviews and record review, the hospital failed to notify a privacy breach of patients' protected health information (PHI) to 532 patients within five days after the hospital confirmed the breach on 2/1/10. The hospital failed to send notifications to the patients until 2/19/10."
"The confidential data included names, date of birth, medical record numbers, diagnoses, procedures, insurance information and/or social security numbers."
Lucile Packard officials on Thursday posted a lengthy statement on the hospital's website saying it intends to appeal the $250,000 fine.
"The computer in question was used by an employee whose job required access to patient information," the hospital said.
"Even though the employee had signed written commitments to keep patient information confidential and secure in accordance with legal requirements and hospital policies, the hospital received reports that the now-former employee allegedly removed the computer from hospital premises and took it home.
"The hospital immediately began a thorough investigation and also reported the matter to law enforcement in an attempt to recover the computer quickly.
"As soon as the hospital and law enforcement determined the computer was not recoverable, the hospital voluntarily reported the incident to the California Department of Public Health (CDPH) and federal authorities, as well as the families of potentially-affected patients. The hospital also provided to the families identity theft protection and other support services.
"Theft charges have been filed against the former employee."
- Providers Lag as Consumers Set Agenda
- Look Beyond Nurse-Patient Ratios
- Reform Puts Vise Grips on Physicians
- Esther Dyson Launches Population Health Challenge
- Crisis Spurs Healthcare Payment Reform in Arkansas
- Hospital Groups Back NQF Report on Patient Sociodemographics
- Medicare Opt-Out a Viable Physician Strategy
- NPP Demand Rising Under Value-Based Care Models
- ICD-10 Delay Alters Provider, Vendor Prep
- Boston Marathon Bombing Yields Lessons for Hospitals