"A state appeals panel has agreed hospitals can't be sued if one of their employees posts confidential patient health information online so long as there are appropriate policies in place attempting to prevent such an outcome. In 2016, an employee of the Resnick Neuropsychiatric Hospital of UCLA posted diagnoses of about 10 patients on Instagram in a partially redacted image."
"According to court records, another employee at the acute psychiatric hospital saw the post and reported it to a supervisor; the worker who made the post initially landed on administrative leave and ultimately lost his job. Following the incident, the California Department of Public Health ordered the Regents of the University of California to pay a $75,000 penalty for the data exposure and alleged privacy violations."
"UCLA Health's Office of Compliance Services investigated the matter and found no patient reported adverse consequences. It also notified all employees of the duty to protect patient confidentiality. The CDPH gave Resnick and initial and amended Statement of Deficiencies and Plan of Correction and the hospital complied on schedule. The fine was a per-patient penalty of $7,500."
A state appeals court ruled that hospitals cannot be held liable when an employee posts confidential patient health information online if the hospital had appropriate policies in place and the employee knowingly violated them. In 2016, a Resnick Neuropsychiatric Hospital employee posted partially redacted diagnoses for about 10 patients on Instagram. Another employee reported the post, and the poster was placed on administrative leave and later fired. The California Department of Public Health assessed a $75,000 penalty. UCLA Health's compliance office found no reported patient harm, reinforced confidentiality duties, submitted required corrections, and complied with the CDPH plan of correction.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]