1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
California Attorney General Rob Bonta sent a letter to the U.S. Department of Health and Human Services opposing a proposed rule that would eliminate model card requirements for AI tools in healthcare, warning that such rollbacks could lead to biased and unsafe healthcare decisions by reducing transparency.
California Attorney General Rob Bonta joined a multistate coalition in filing an amicus brief opposing the U.S. Department of Justice's subpoena for patient records from University of Pittsburgh Medical Center related to gender-affirming care. The brief argues that the subpoena violates patient privacy, infringes on states' rights to regulate medicine, and exceeds DOJ's statutory authority.
California Attorney General Rob Bonta joined 20 attorneys general in filing an amicus brief to quash a U.S. DOJ administrative subpoena seeking sensitive medical records and personally identifying information of adolescent patients receiving gender-affirming care at Children's Hospital Colorado. The brief argues the subpoena violates states' rights to regulate medicine under the Tenth Amendment and misinterprets the Food, Drug, and Cosmetic Act, which would harm off-label drug use across all medical fields.
Illuminate Education, Inc. suffered a data breach in 2021 due to security failures, exposing sensitive student data including medical conditions across millions of students. The company has agreed to pay $5.1 million in settlements to California, Connecticut, and New York and implement injunctive relief to strengthen data security practices.
$5.1M
California Attorney General Rob Bonta issued an informational bulletin summarizing new responsibilities under SB 81, which expands protections for immigrants' medical information by designating immigration status as protected data under the Confidentiality of Medical Information Act (CMIA) and restricts immigration enforcement access to non-public areas of healthcare facilities.
California Attorney General Rob Bonta joined 15 attorneys general in filing an amicus brief to limit a U.S. DOJ subpoena seeking medical records of transgender youth from Children's Hospital of Philadelphia, arguing it violates patient privacy and could intimidate providers of gender-affirming care.
California Attorney General Rob Bonta announced a $1.55 million settlement with Healthline Media LLC for CCPA violations. Healthline failed to honor opt-out requests, shared consumer data including health-related article titles with third parties, and used deceptive privacy practices. The settlement includes injunctive relief and a compliance program.
$1.6M
California Attorney General Rob Bonta announced a $49 million settlement with Kaiser for illegally disposing of hazardous waste, medical waste, and protected patient information at facilities statewide. The settlement resolves allegations of violations under health privacy and environmental laws, requiring Kaiser to pay penalties, implement compliance measures, and undergo independent audits.
$49.0M
California Attorney General Rob Bonta, alongside six county district attorneys, announced a $49 million settlement with Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals resolving allegations of unlawful disposal of hazardous waste, medical waste, and protected patient health information. Investigations of 16 Kaiser facilities found hundreds of hazardous and medical waste items and over 10,000 paper records containing data of more than 7,700 patients in unsecured dumpsters. The settlement requires Kaiser to pay up to $49 million in penalties and compliance costs, retain an independent auditor for five years of regular audits, and implement enhanced waste and data disposal procedures.
$49.0M
Anthem, Inc. settled with California for $8.69 million over a 2014 data breach that exposed personal information of 78 million consumers, including 13.5 million Californians. The breach resulted from security deficiencies, and the settlement includes injunctive relief to improve information security practices. This action was part of a parallel multistate settlement.
$8.7M
California Attorney General settled with Glow, Inc. for $250,000 due to privacy and security failures in its fertility app that risked exposing users' sensitive health information. The settlement requires Glow to implement privacy and security measures, obtain affirmative consent for data sharing, and consider unique impacts on women.
$250K
Premera Blue Cross suffered a data breach in 2014 that exposed personal and medical information of 10.5 million consumers. As part of a multistate settlement, Premera agreed to pay $10 million in civil penalties and implement security improvements and a compliance program. California will receive over $1 million from the settlement.
$10.0M
Aetna Inc. settled with the California Attorney General for $935,000 over allegations that it revealed the HIV status of 1,991 Californians through a mailing error where medication information was visible through envelope windows. The settlement requires Aetna to implement improved mailing procedures and conduct annual privacy assessments. This action enforces health privacy laws and protects sensitive medical information.
$935K
Cottage Health System experienced two data breaches exposing medical information of over 50,000 patients due to inadequate security measures. The settlement requires a $2 million penalty and upgrades to security practices, including designating a Chief Privacy Officer.
$2.0M
The California Attorney General filed a complaint against Kaiser Foundation Health Plan, Inc. for improperly disposing of patient medical records containing protected health information. The records, including diagnoses and lab results, were found discarded at a recycling facility, violating patient privacy. The action alleges breaches of the California Confidentiality of Medical Information Act.
All data sourced from official government enforcement pages.