The legislation mandates an administrative penalty of $25,000 for the first breach of a patient's medical information and up to $17,500 for each subsequent breach of other patients' data. Community Hospital of San Bernardino, Calif., faces fines totaling $325,000 for not preventing the unauthorized access of 207 patients' medical records in two separate incidents.
The hospitals, which are also required to submit a plan of correction to CDPH within 10 working days, can appeal the administrative penalty by asking for a hearing within 10 calendar days of notification.