California Attorney General Rob Bonta has reported reaching a settlement with Adventist Health Hanford concerning alleged violations of California’s Confidentiality of Medical Information Act (CMIA), the Health Insurance Portability and Accountability Act (HIPAA), the California Constitution, and the unfair competition law.
Adventist Health was under investigation for disclosing to law enforcement the protected health information (PHI) of two female patients after they suffered stillbirths. Employees at the hospital shared patient data, which included PHI, to police officers without proper authorization. The two women were accused of murder and spent time in jail before the convictions were repealed.
The first supposed illegal disclosure happened in December 2017. Adora Perez got medical aid at Adventist Health and sustained a stillbirth. Employees at the hospital disclosed to law enforcement some medical data associated with her labor, the condition of the fetus, and supposed drug use by Perez, which allegedly caused the stillbirth.
Three hours following the disclosure, law enforcement visited the patient at the hospital and told her to allow the disclosure of her health records. Kings County District Attorney, Keith Fagundes filed murder charges against Perez under California Penal Code section 187. Perez consented to plead guilty to manslaughter and got the sentence of 11 years imprisonment. After 4 years in jail, her conviction was repealed.
The second unlawful disclosure happened in September 2019. Chelsea Becker received medical help at Adventist Health and had a stillbirth. Once again, employees at the hospital disclosed her PHI to law enforcement and Becker faced murder charges under California Penal Code section 187 because of the death of a fetus with the use of drugs. She was sentenced to 16 months in prison then the trial court dropped her case.
The definition of murder under California Penal Code section 187 includes the unlawful killing of a fetus, which was added in 1970 after the case of a man attacking a pregnant woman, that caused a stillbirth. The revised definition was not meant to apply to an act agreed to by the pregnant mother. In January 2022, Attorney General Bonta published a legal advisory to all state district lawyers, police chiefs, and sheriffs about the change in the law to hold responsible those who deliberately caused injury to pregnant women, not to penalize women who experienced the loss of their baby during pregnancy.
Ms. Becker and Ms. Perez faced charges that were not aligned with the law, and this incorrect use of section 187 must not be repeated. In California, the loss of a pregnancy is not a criminal act.
The California Department of Justice investigation established that Adventist Health did not safeguard the PHI of the two patients, and illegally disclosed patients’ health data to law enforcement, which is a CMIA, an unfair competition law, a California Constitutional right to privacy, and a HIPAA violation. The Department of Justice issued civil monetary penalties and injunctive terms. Adventist Health consented to resolve the case. The settlement consisted of $10,000 in civil penalties and required Adventist Health to offer HIPAA training to medical personnel concerning the management of patient data and give the employees clear guidelines concerning compliance with state regulations.
The Notice of Privacy Practices and PHI training materials should be revised to make clear when PHI could be shared with third parties, such as law enforcement, with no patient permission. A phone/electronic submission hotline should be available to enable employees, patients, and the community to anonymously submit a report on alleged unlawful disclosures and the improper handling of PHI. Yearly and regular training should be given to all employees about PHI guidelines and procedures for managing, storing, processing, and sharing of PHI. The California Attorney General should be notified of all unauthorized disclosure of patients’ PHI within 10 days of the incident.
Women should not be punished for losing her pregnancy. The imprisonment of women as a result of unauthorized health disclosures to the authorities is against the law. This settlement shows that Adventist’s patients’ personal health data is managed with the greatest care and in compliance with the legislation, which will reestablish and improve patient confidence.
