DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Prime Healthcare Services fined $95,000 in privacy case

Posted on November 29, 2012 by Dissent

If you’ve been reading my blog for a few years, you’ll likely remember the case where Shasta Regional Medical Center and Prime Healthcare Services disclosed a patient’s records to the media, claiming that because the patient had talked to the media, she had waived confidentiality.  The case was initially reported in January, and I posted an update in May 2012, by which time the state had found that the hospital and Prime Healthcare Services had breached state patient confidentiality law (pdf).  At that time, I wrote:

Back in January, I suggested that SRMC should probably shut up and not continue to try to defend its actions. The ruling by the state comes as no surprise to me. Nor, however, am I surprised to read that SRMC is appealing the finding.

Do I expect to see fines over this one? You betcha. A “good faith belief” only cuts you some slack, not all.

Today, Chad Terhune reports:

State officials have fined hospital chain Prime Healthcare Services Inc. $95,000 for violating patient confidentiality by sharing a woman’s medical files with journalists and sending an email about her treatment to 785 hospital employees.

The California Department of Public Health levied the fine this month after determining in May that Shasta Regional Medical Center in Redding had five deficiencies related to the unauthorized disclosure of medical information on a diabetes patient treated there in 2010.

Prime Healthcare, based in Ontario, said it had appealed the state’s findings and penalties. “Shasta Regional Medical believes that disclosures, if any, were permitted under both federal and state law,” company spokesman Edward Barrera said. “Shasta Regional Medical Center is committed to the privacy of its patients.”

Read more on the Los Angeles Times. I think $95,000 is actually pretty low considering the severity and consequences of the breaches. And I’m flabbergasted that they’re still maintaining they did nothing wrong.

But, wait. There’s more:

The state agency said it issued an additional $3,100 in fines in the case because the hospital failed to report the breach to the state and the patient in a timely manner.

Separately, the Department of Public Health fined Prime Healthcare $25,000 because a Shasta hospital employee inappropriately accessed a co-worker’s medical files in January while the person was being treated there.

The state’s report on that second breach can be found here (pdf). On a positive note, SRMC may not have prevented that breach, but they detected it fairly quickly through their own internal audits. Now if we could just work on prevention, right?

I’m waiting to see what HHS does (if it even does anything) about the release of the first patient’s data to the media and hospital employees. For my money, if I were HHS, I’d sock these folks with a really hefty fine because they still don’t seem to get that what they did was flat-out wrong.

This blog entry was corrected to reflect that the case first became public in January 2012. 

Category: Health Data

Post navigation

← S.C. Gov. Nikki Haley takes blame for state’s data breach
Rogue Advanced Data Processing employee accessed and disclosed patient info to others for tax refund fraud scheme (update2) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.