Adventist Health Physicians Network Fined $40,000 for Privacy Breach

Adventist Health Physicians Network in Simi Valley, California has been ordered to pay $40,000 in civil momentary penalties by the Ventura County District Attorney as part of a civil privacy settlement to resolve a patient privacy case that affected 3,797 patients.

The privacy breach occurred in 2018 and involved an impermissible disclosure of physical documents containing private and confidential medical data. The Simi Valley hospital had used a storage facility Simi Valley for storing physical patient records; however, when payments stopped being to the storage facility, the hospital lost access to the storage unit and the contents were put up for sale at a public auction in October 2018.

The individual who bought the contents of the storage unit at the auction discovered boxes of paperwork in the unit that contained the sensitive medical data of patients of Adventist Health. The hospital was notified, and the files were promptly collected and secured.

Adventist Health conducted an investigation into the incident and was satisfied that none of the information in the storage unit had been made public or further disclosed. To prevent similar incidents from occurring in the future, Adventist Health reviewed and updated its policies and procedures to ensure that physical patient records were properly safeguarded and were disposed of securely when the paperwork was no longer required.

The breach was investigated by the Consumer and Environmental Protection Unit of the Ventura County District Attorney’s Office, which determined Adventist Health had violated California Unfair Competition Law as the healthcare provider had failed to protect patient privacy, had not reasonably maintained and safeguarded medical data, and had failed to correctly dispose of confidential information.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.