Lucile Salter Packard Children’s Hospital at Stanford University has been fined $250,000 by California health officials for failing to report within five days a breach of 532 patient medical records in connection with the apparent theft of a hospital computer by an employee.
Penalty equates to $100 for every day of delayed reporting after the first five days for each patient medical record that was breached!
The state’s medical record confidentiality laws require notification of a data breach within 5 days. While this law applies to the medical industry, there is a similar law that applies to all organizations – state government agencies and nonprofit organizations, as well as companies of all sizes, regardless of geographic location – that hold personal data on persons living in California.
California Senate Bill 1386, also known as the California Security Breach Information Act
SB1386 requires companies that collect and hold personal information on Californian residents – whether customers, employees, or individuals involved in some facet of the business – to notify immediately each person on their database should an information security breach occur OR if one is suspected.
The IT Governance comprehensive SB-1386 & ISO27002 Implementation Toolkit is specifically designed by experts in data compliance legislation to guide organizations and agencies that must act in accordance with SB1386; it conforms to ISO27002 and, if desired, also helps organizations prepare for external certification (ISO27001) that would demonstrate conformance to such a standard.
Don’t be the next $250,000 fine – ensure your organization complies with this law.
Buy the SB1386 & ISO 27001/27002 Toolkit Today >>