Adventist Health Physicians Network to Pay $40,000 for Privacy Breach

The Ventura County District Attorney directed Adventist Health Physicians Network located in Simi Valley, California to pay civil momentary penalties worth $40,000 for a civil privacy settlement resolving a patient privacy breach that impacted 3,797 individuals.

The privacy breach happened in 2018 and concerned an impermissible disclosure of physical paperwork that contain private and confidential healthcare information. The Simi Valley hospital had a storage property in Simi Valley utilized for keeping physical patient documents; nevertheless, when the hospital stopped payments for the storage facility, the hospital could not use the storage area anymore and the items were posted for sale in October 2018 at a public auction.

The person who acquired the items kept within the storage area at the auction found boxes of documents within the unit that included the sensitive medical information of Adventist Health patients. The hospital was informed, and the documents were immediately compiled and kept safe.

Adventist Health performed a review of the breach and was pleased to know that not one of the data in the storage space was publicized or further exposed. To {prevent|stop} {similar|the same} {incidents|occurrences} in the future, Adventist Health {reviewed|evaluated} and revised its policies and procedures to ensure that physical patient records were {properly|correctly} safeguarded and were thrown out safely when the documents were no longer needed.

Consumer and Environmental Protection Unit of the Ventura County District Attorney’s Office looked into the breach, which affected Adventist Health. The company had disobeyed California Unfair Competition Law. The healthcare provider was unable to safeguard patient privacy, didn’t manage and protect medical information well, and was unable to properly remove sensitive data.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at