Sexting has its costs – and we're not talking about New York politics either.

Huntington Memorial Hospital in California was fined $25,000 after an admissions clerk took a patient's mobile phone number and sent her a sex-based text message. And, it was not just one message to a single patient either. During the investigation, the clerk admitted to having sent up to ten such messages to attractive patients over one year.

The hospital told investigators that the clerk used hospital data “inappropriately” as phone numbers were not part of the clerk's normal business, but that the employee did have legitimate access to patient demographics, contact numbers, insurance and social security numbers. This did not sit well with investigators, as their official report found that the facility had failed to prevent the unlawful access and use of a patient's medical information.

It seems that the hospital did not limit the clerk's access to patient data and records -- as can readily be done with a DLP/monitoring solution such as Safetica.

California (regulatory) dreaming
Yes, this could only happen in California – at the moment. In addition to producing more fruits and nuts than any other state, California is a leading regulatory state. Californian regulations on automobile emissions, as just one example, have been copied across the United States.

In addition to HIPAA, California has Section 1280.15 of the Health and Safety Code. This enables the California Department of Public Health to assess a penalty of up to $25,000 per patient whose medical information was unlawfully accessed or used.

The penalty effectively answers the question: What is the cost of misused data to the responsible institution? The Huntington hospital now knows. And, other institutions have been fined ten times as much – $250,000.

Lots more warnings and training sessions in the future
The solution – at least according to the State of California – is a review of computer systems, more training to remind employees that patient data is sacred, and incessant reminders to employees that use of their private mobile phones in the wrong area is cause for firing.

On one hand, it makes me wonder how much the costs for data misuse and the bureaucratic responses contribute to the cost of medical care in the United States. And on the other hand, the California law makes it very clear that insecure data handling has a price.

Author
Safetica team
