UPDATE: In a statement sent to PHIprivacy.net on March 7, a CDPH spokesperson writes: The original $250,000 penalty posting was an error discovered during the appeal. The correct calculation should have been $100/day times the number of days the facility failed to report the breach to CDPH, for a total penalty of $1100. So after…
Search Results for: Lucile Salter
Did the punishment fit the "crime?" (the Lucile Salter Packard Hospital breach fines)
Jason C. Gavejian writes about a hospital breach that is causing waves because of the exorbitant fine the state imposed. Lucile Salter Packard Children’s Hospital at StanfordUniversity was fined $250,000 earlier this year by the California Department of Public Health (“CDPH”) for an alleged delay in reporting a breach under California’s health information privacy law. What makes…
$250,000 penalty issued to Lucile Packard Children's Hospital was an error – CDPH
A breach at Lucile Salter Packard Children’s Hospital in 2010 generated a number of posts on this blog – especially after the hospital was reportedly fined $250,000 by California for a delay in notifying patients of the breach. I recently reported that the hospital had settled its appeal with the state and did not have…
Patient Data Posted Online in Major Breach of Privacy
Kevin Sack reports: A medical privacy breach at Stanford University’s hospital in Palo Alto, Calif., led to the public posting of medical records for 20,000 emergency room patients, including names and diagnosis codes, on a commercial Web site for nearly a year, the hospital has confirmed. Since discovering the breach last month, the hospital has…
Data Breach Investigation | Due Process of Law
The following is cross-posted from PHIprivacy.net: In September, I posted an excerpt from a thought-provoking commentary by attorney Benjamin Wright. In discussing a fine levied against Lucile Salter Packard Hospital for late notification under California’s breach notification law, he had written, in part: The California Legislature made clear it wants notices to be issued quickly. However,…
Data Breach Investigation | Due Process of Law
In September, I posted an excerpt from a thought-provoking commentary by attorney Benjamin Wright. In discussing a fine levied against Lucile Salter Packard Hospital for late notification under California’s breach notification law, he had written, in part: The California Legislature made clear it wants notices to be issued quickly. However, the law should not be…