Consumers, patients, the media and even some of the hospitals responsible for major data breaches have become accustomed to reporting security lapses that expose patients’ or physicians’ personal data. Whether it’s a missing USB drive or a stolen laptop or an innocent—albeit unsecured—internal Web site, hospitals are perhaps the largest sieves of personal information these days.
But as eSecurity Planet discovered, the days of simply notifying the victims and moving are coming to an end as more and more states are slapping heavy fines and additional regulations on hospitals and medical services providers that fail to adequately safeguard patients’ names, medical treatments, Social Security numbers and other personal information.
This new level of accountability and government intervention last week resulted in more than a half a million dollars in fines to just five hospitals that failed to keep patients’ data from leaking out of its computer networks.
With California leading the way, security experts expect more state and federal government agencies will begin hitting companies and organizations where it hurts most until they invest in the technology and training required to protect consumer data.
Five California hospitals were fined a total of $675,000 last week for failing to secure patient data, a development that signals a change in how state and federal governments are starting to hold companies and organizations accountable for their data security practices.
Last week, the California Department of Health (CDPH) invoked the penalties outlined in Section 1280.15 of the Golden State’s Health and Safety Code. The legislation, which was passed in 2008, calls for an administrative penalty of $25,000 for the first breach of a patient’s medical information and a penalty of up to $17,500 for each subsequent breach of other patients’ data.
Community Hospital of San Bernardino, Calif. was assessed fines totaling $325,000 for failing to prevent the unauthorized access of 207 patients’ medical records in two separate incidents.