That's why when clicking through my normal blog and news reading last night, I was happy to read the post California Department of Public Health Continues to Fine Hospitals and Nursing Homes for Data Breaches that detailed the million and a half in fines as a result of Californian Health and Safety Code 1280.15(a) that requires health facilities to properly protect patient data:
Violations of this requirement can result in penalties of up to $25,000 per patient and up to $17,500 per subsequent occurrences of unlawful or unauthorized access, use or disclosure of that patients medical information.
In its most recent wave of penalties, announced November 19, 2010, CDPH assessed fines totaling $792,500 against six hospitals and one nursing home that it determined failed to prevent unauthorized access to confidential patient medical information. In one case, a health facility was fined $310,000:
$60,000 because the facility failed to prevent unauthorized access and disclosure of one patient's medical information by two employees on three occasions.
$250,000 because the facility failed to prevent the theft of 596 patients' medical information
Not only does California have this consumer protection law on their books, they're actively enforcing it. So, just as California set an important path with SB 1383 in 2003 - which sent into motion the legislatures in most states to follow suit - let's hope the state is setting another example that many more states will emulate.
For my security and technology observations throughout the day, follow me on Twitter.