California Gov. Arnold Schwarzenegger on Tuesday signed two bills into law that will allow the state to impose harsher penalties on hospital workers who inappropriately access patient data.
The bills -- authored by Democratic Sen. Elaine Alquist and Assemblyman Dave Jones -- hold health care providers responsible for protecting patient data from unauthorized access, and sets fines for violators of up to $250,000 per incident.
The legislation was spurred on by a March report in the Los Angeles Times
that staff at the UCLA Medical Center snooped on the medical records
of Britney Spears and California First Lady Maria Shriver.
"Medical privacy is a fundamental right and a critical component of quality medical care," Schwarzenegger said in a statement. "Repeated violations of patient confidentiality are potentially harmful to Californians, which is why financial penalties are needed..."
According to the governor's office, existing laws made it difficult to impose and enforce fines unless a district attorney or the state attorney general got involved.
Privacy advocates lauded the bills' passage.
"Your medical privacy is one of those areas where once the information is out, it's very difficult, if not impossible, to get it back," says Paul Stephens, director of policy and advocacy at the nonprofit Privacy Rights Clearinghouse.
"With financial privacy, while it's bad when there's a disclosure, most of the time you're able to recover from it," he told SCMagazineUS.com on Wednesday. "Medical privacy issues are different, particularly with someone who may have a condition or a disease that may cause embarrassment. That's something you're going to have to live with for the rest of your life."