Can appeal the the administrative penalty by asking for a hearing within 10 calendar days of notification.

eSecurity Planet reports that the California Department of Public Health has invoked the penalties outlined in Section 1280.15 of the Golden State's Health and Safety Code, which was passed in 2008, to fine five California hospitals a total of $675,000 for not securing patients' data.

The legislation mandates an administrative penalty of $25,000 for the first breach of a patient's medical information and up to $17,500 for each subsequent breach of other patients' data. Community Hospital of San Bernardino, Calif., faces fines totaling $325,000 for not preventing the unauthorized access of 207 patients' medical records in two separate incidents.

The hospitals, which are also required to submit a plan of correction to CDPH within 10 working days, can appeal the the administrative penalty by asking for a hearing within 10 calendar days of notification.