Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

California’s First 2017 Health Care Data Breach Enforcement Results in $2 Million Settlement

Cottage Health System has settled a state enforcement action over two separate data breaches that made more than 50,000 patients’ medical information publicly available online. The no-fault settlement requires Cottage Health System to:

  • Pay $2 million to the California Attorney General’s office.
  • Take steps to update its health care information security program for the next three years.
  • Designate an employee to oversee Cottage Health System’s compliance with state and federal privacy laws.
  • Complete and deliver an annual privacy risk assessment for the next two years to the California Attorney General’s Office.

Cottage Health System is a not-for-profit system based in Santa Barbara, California, and includes Cottage Health, Goleta Valley Cottage Hospital, Santa Barbara Cottage Hospital, and Santa Ynez Valley Cottage Hospital. The health system first learned in December 2013 that 50,000 patients’ confidential medical information was publicly viewable online. During its investigation of that 2013 incident, the attorney general’s office discovered a second breach involving 4,596 patient records that were also publicly available online.

“When patients go to a hospital to seek medical care, the last thing they should have to worry about is having their personal medical information exposed,” said State Attorney General Xavier Becerra in a press statement announcing the settlement. “The law requires health care providers to protect patients’ privacy. On both of these counts, Cottage Health failed.”

This settlement shows that the California Attorney General’s Office will continue to enforce cybersecurity for Californians, including in the health care space. It also serves as a reminder to health care providers to be compliant with both federal and state health care privacy and security requirements.

The full settlement is available on the State of California’s Attorney General website.

About the Author: Sumaya M. Noush

Sumaya Noush counsels health care clients on strategic and operational matters, including transactions, corporate governance and regulatory compliance. View Sumaya's full bio on the Faegre Drinker website.

December 1, 2017
Written by: Sumaya M. Noush
Category: Cybersecurity, Privacy
