An official at Kaiser Permanente Bellflower Hospital says it's "too soon" to determine if the suburban Los Angeles hospital will appeal its second six-figure fine in two months for failing to secure the personal electronic medical records of Nadya Suleman and her octuplets from snooping employees.
The California Department of Public Health on Thursday issued an "administrative penalty" of $187,500 after determining that KP Bellflower failed to prevent unauthorized access to the Suleman family's confidential patient medical information. The hospital was also hit with a $250,000 fine on May 15 for similar privacy violations against Suleman, aka Octomom, whose eight children were born at the hospital on Jan. 27.
"This is basically the same as the earlier breach. The difference is the earlier report was for the mother. This was for the babies," says Jim Anderson, KP Bellflower spokesman. "The babies' report was filed later because they were in the hospital longer and as a result the investigation took longer. Since the additional safeguards were put in, there have been no improper looks at the medical records of the children."
The CDPH report says eight KP Bellflower employees were identified in the second breach, including one employee who was identified in the first breach. Anderson says the hospital believes the breaches all occurred in late January "in the first few days after the births."
"The report lists eight people," Anderson says. "Four of them looked only at the babies' records. Of those four, two resigned in lieu of termination, one was terminated, and one received significant discipline. The other four had also looked at the mother's records and had resigned already. All of the improper activity all took place in the first few days after the birth. There is some confusion about the timeframe because the reports came out at a different time."
Anderson says there is no indication that the snooping employees acted out of anything more sinister than simple curiosity. "As the thing became reported worldwide, it appears that people let their curiosity get the better of them," he says. "We have no indication and there is no indication in any media reports that any of these people ever gave that information to a third party."
KP Bellflower reported the breaches to CDPH, which launched the investigation and issued the penalties under a new California law that uses heavy fines and bad publicity to incentivize hospitals to protect patient confidentiality. Anderson says KP Bellflower has already paid the $250,000 fine, but hadn't yet determined if it would appeal the second fine. "It's too soon to say. We have people still looking at it," he says.
Despite the high-profile breaches, Anderson says KP Bellflower "believes extremely strongly in a patient's right to privacy and confidentiality." He says DCPH was made aware of the breaches only because the hospital conducted an internal investigation and notified the state.
"The vast majority of the staff in that hospital did exactly the right thing," Anderson says. "There were more than four dozen people who were involved in the delivery and the immediate moments after the births. They all managed to protect her privacy and the privacy of her children."