Healthcare News & Insights

Fines adding up for hospitals that don’t protect patient data

California has assessed five hospitals a combined $675k for allowing unauthorized access to confidential patient information.

The five hospitals were Community Hospital of San Bernadino, Enloe Medical Center (Chico), Rideout Memorial Hospital (Marysville), Ronald Regan UCLA Medical Center and San Joaquin Community Hospital (Bakersfield).

The breaches involved at least 242 patients’ records, and were perpetrated by 32 staff members. In one case, one employee accessed 204 patient records.

The hospitals will have to submit a plan of corrective action within 10 days to demonstrate that they can prevent future data breaches.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.


  1. mike wiltermood says:

    Your article regarding California state fines levied against hospitals for “allowing unauthorized access to patient medical records” is in error and out of context. Enloe Medical Center didn’t “allow” anything. All our records are pass code protected. We authorize a number of individuals to access medical records as a normal course of business. Several individuals with pass code access looked into records for reasons other than patient care. Our computer system flagged that access, and those individuals were dealt with accordingly. This is the best any organization can do and still run its business. Ask banks what they do to protect financial information from the prying eyes of a curious teller. I can guaratee you banks do not take the steps we take.

    The state of Calfiornia has to figure out how to reconcile the current federal mandate to integrate patient data between hospitals, physicians, and other health care organizations with it’s self reporting law for patient privacy. It has not done so, and if our fine is any indication, it is acting irresponsibly by fining hospitals for breaches over which they cannot possibly totally control.

    Of further note is the fact that California’s fines are based on breaches self reported by the hospitals themselves, and without those reports, the state would never have know about them. California is shining a light on itself, something few other states do.

    Mike Wiltermood, CEO
    Enloe Medical Center