For the second time in two months, Kaiser Permanente Bellflower Hospital in Los Angeles County has been slapped with a six-figure fine for failing to secure electronic patient records from snooping employees.
Investigators say one of the eight employees caught in the latest security breach in April was also involved in the earlier breach in mid-March that involved Nadia Suleman, aka the Octomom.
The California Department of Public Health today issued an "administrative penalty" of $187,500 after determining that KP Bellflower failed to prevent unauthorized access to confidential patient medical information. The hospital was also hit with a $250,000 fine on May 15 for violations that occurred in mid-March, when KP Bellflower notified the state that employees snooped through on medical records belonging to Suleman, whose eight children were born at the hospital on Jan. 27.
Citing patient confidentiality laws, California Department of Public Health spokesman Ken August declined to say if the latest breaches also involve Suleman. The penalties were issued under a new California law that uses heavy fines and bad publicity to incentivize hospitals to protect patient confidentiality.
KP Bellflower officials say they are preparing to release a statement on the latest breach.
Four patients and eight employees were involved in the April, investigators say. One patient's records were examined by six employees. August says there is no indication that the employees were acting out of anything more sinister than curiosity. After the first breach, KP Bellflower notified Suleman and state investigators, fired 14 employees, and reprimanded eight employees.
In an unrelated matter, but also taking place in the Golden State, letters have been sent to about 30,000 patients at the University of California San Diego's Moores Cancer Center after a hacker accessed patients' personal files, the center says. UCSD officials say the hacker accessed personal data, including names, birth dates, and medical records numbers, but that personal medical record information, Social Security numbers, and driver's license and financial information were not breached. The breach occurred in late June, and the letters were sent out last week.
The hospital blamed the Internet-based attack on "highly skilled individuals living overseas."