Adventist Health Settles Alleged HIPAA Violations with California Attorney General
California Attorney General Rob Bonta has announced a settlement with Adventist Health Hanford to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), unfair competition law, and the California Constitution.
Adventist Health was investigated over disclosures of the protected health information (PHI) of two female patients to law enforcement after they suffered stillbirths at the hospital. Staff at the hospital disclosed patient information – including PHI – to law enforcement without a warrant and both women were later charged with murder. Both women spent time in jail before their convictions were overturned.
The first alleged unlawful disclosure occurred in December 2017. Adora Perez sought medical assistance at Adventist Health and suffered a stillbirth. Staff at the hospital unlawfully shared medical information with law enforcement related to her labor, the state of the fetus, and alleged drug use by the patient, with the latter attributed to causing the stillbirth.
Three hours after the disclosure, while the patient was still in hospital, law enforcement visited the patient and asked her to authorize the release of her medical records. She was charged with murder under California Penal Code section 187 by Kings County District Attorney, Keith Fagundes. Perez agreed to a plea deal where she pled guilty to manslaughter and was sentenced to 11 years in jail. Her conviction was overturned after spending 4 years in jail.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The second unlawful disclosure occurred 2 years later in September 2019. Chelsea Becker sought medical assistance at Adventist Health and suffered a stillbirth. Again, staff at the hospital shared her PHI with law enforcement and Becker was charged with murder for causing the death of a fetus through drug use under California Penal Code section 187. She was convicted and spent 16 months in jail before the trial court dismissed her case.
California Penal Code section 187 defines murder as “the unlawful killing of a human being, or a fetus, with malice aforethought,” with “fetus” added to the definition in 1970 in response to a case where a man attacked a pregnant woman, resulting in a stillbirth. The change to the definition was never intended to apply to an act consented to by the mother of the fetus. In January 2022, Attorney General Bonta issued a legal alert to all state district attorneys, police chiefs, and sheriffs stating that the law was changed to hold accountable those who intentionally inflicted harm on pregnant women, not to punish women who suffer the loss of their pregnancy.
“The charges against Ms. Becker and Ms. Perez were not consistent with the law, and this misuse of section 187 should not be repeated. With reproductive rights under attack in this country, it is important that we make it clear: Here in California, we do not criminalize the loss of a pregnancy,” said Attorney General Bonta.
The California Department of Justice investigation determined that Adventist Health failed to protect the PHI of both patients, and unlawfully disclosed patients’ medical information to law enforcement, in violation of CMIA, HIPAA, unfair competition law, and the California Constitutional right to privacy. The Department of Justice sought civil monetary penalties and injunctive terms and Adventist Health agreed to settle the case. The settlement includes $10,000 in civil penalties and the requirement for Adventist Health to provide robust training to medical personnel regarding the handling of patient information and provide the staff with clear guidelines regarding compliance with state laws.
Specifically, PHI training materials and the Notice of Privacy Practices must be updated to clarify when PHI may be disclosed to third parties, including law enforcement, without patient consent. A telephone/electronic submission hotline must be maintained to allow personnel, patients, and the public to anonymously report suspected unlawful disclosures and the mishandling of PHI. Annual and ongoing training must be provided to all personnel who interact with patients or their PHI regarding policies and procedures for handling, storing, using, and disclosing PHI, and all unauthorized disclosures of patients’ PHI must be reported to the California Attorney General within 10 days of the unauthorized disclosure.
“No woman should be penalized for the loss of her pregnancy,” said Attorney General Bonta. “As we have said repeatedly, the wrongful imprisonments of both women due to unauthorized health disclosures to law enforcement were unlawful. That’s why today’s settlement ensures that Adventist’s patients’ personal health information is handled with the utmost care and in compliance with the law, which will restore and enhance patient confidence.”
“After a two-year investigation by the Attorney General’s Office, no employee was found to have made any illegal disclosure of medical information and Adventist Health policies and procedures for safeguarding patient information were found to be sufficient,” explained Adventist Health in a statement provided to The HIPAA Journal. “Adventist Health Hanford is required by law to report specific information to law enforcement. Our settlement for a nominal amount with the Attorney General’s Office was made in our desire to move beyond this ongoing litigation. We will continue to follow all reporting laws as required by state and federal agencies, and we appreciate the partnership and resolution of this issue with Mr. Bonta and the Attorney General’s Office.”
