Scott Holland reports that a California state appeals court agreed with a hospital that it should not be held liable for employee misbehavior if they had a clear policy in place but the employee knowingly violated it:
A state appeals panel has agreed hospitals can’t be sued if one of their employees posts confidential patient health information online so long as there are appropriate policies in place attempting to prevent such an outcome.
In 2016, an employee of the Resnick Neuropsychiatric Hospital of UCLA posted diagnoses of about 10 patients on Instagram in a partially redacted image. According to court records, another employee at the acute psychiatric hospital saw the post and reported it to a supervisor; the worker who made the post initially landed on administrative leave and ultimately lost his job.
Following the incident, the California Department of Public Health ordered the Regents of the University of California to pay a $75,000 penalty for the data exposure and alleged privacy violations.
UCLA Health’s Office of Compliance Services investigated the matter and found no patient reported adverse consequences. It also notified all employees of the duty to protect patient confidentiality. The CDPH gave Resnick and initial and amended Statement of Deficiencies and Plan of Correction and the hospital complied on schedule. The fine was a per-patient penalty of $7,500.
Read more at Legal Newsline.
h/t, Joe Cadillic