The Associated Press reports that the state of California has levied fines for unhealthy practices:

Eighteen hospitals in California were fined for state health code violations in which patients received shoddy care that in some cases led to deaths.

Violations included an improperly inserted catheter, a ventilator that wasn’t turned on and surgical tools left inside patients after operations.

The fines made public Monday stem from investigations by the California Department of Public Health.

The hospitals were fined $25,000 for each violation — the latest of dozens of penalties the state has issued in recent years to more than 40 hospitals.

The state keeps a list of penalties by county.

In related news, California also recently negotiated huge fines from health plan providers:

Anthem Blue Cross and Blue Shield — two of the state’s biggest health plans — agreed Thursday to pay a total of $13 million in fines and to offer new health coverage to more than 2,200 Californians the companies dropped after they became ill.

Speaking of the state of California health care, I have been trying to figure out why the governor was in favor of stronger state-led privacy restrictions for hospitals, yet he vetoed a bill that shadowed PCI. I took him at his word at first, that PCI was doing a fine job of self-regulation and private industry would not benefit from more laws regulating payment card data. If nothing else, PCI is good at creating charts and graphs showing that it is doing something about the problem and should be left alone. Who does that for health care providers?

I then noticed an article in the LA Times that suggests Schwarzenegger has been a victim of the medical records exposure at UCLA:

The governor says unauthorized people have looked at his hospital files, just as someone at UCLA examined the records of his wife, Maria Shriver. He calls for stronger privacy protections.

[…]

Schwarzenegger reiterated that his administration will push hospitals to implement new safeguards to stop such snooping.

That certainly suggests that he feels the pain of identity loss more personally from health care (especially privacy), rather than from any financial loss. On the other hand, the governor has recently moved to ban transfats state-wide.

The California legislature pushed the bill through last week, and Schwarzenegger signed it into law Friday, July 25.

The ban will require food providers to begin phasing out trans fat oils by July 1, 2009. Thereafter, noncompliance with the ban will result in fines of up to $1,000.

Perhaps he is just more concerned with health-related public policy issues than financial services, or he recognizes that while financial services are suffering the current state of state health-care is even worse.

The NYT reported this morning on an interesting breach situation:

The Princeton Review, the test-preparatory firm, accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site, where they were available for seven weeks.
[…]
Another test-preparatory company said it stumbled on the files while doing competitive research. This company provided The New York Times with the Web address of the internal files on the condition that it not be named. The Times informed the Princeton Review of the problem on Monday, and the company promptly shut off access to that portion of its site.

Strangely there is no mention of logs or security monitoring at all in this article.

In terms of compliance, the exposed information included names, birth dates, ethnicities and learning disabilities, along with test performance. This is not generally considered personally identifiable information (multiple people may share the same value). And FERPA does not apply because the Princeton Review is not considered a school that receives funds from the DoE.

Nonetheless, it made the NYT because a competitor disclosed it and I suspect there will be increased scrutiny of how regulations can protect children from identity breaches.

Identity mistakes are all over the news these days, but I particularly enjoyed this story about a Kentucky sheriff who drove all the way across America, picked up the wrong guy, and then drove him back across America before realizing he had arrested the wrong man:

When Oros got to the Butler County Jail and again claimed he wasn’t the right person, Jailer Terry Fugate pulled a mugshot, which looked like a different person.

“That guy is ugly,” Oros told The Courier-Journal of Louisville of his impostor. “I’m pretty.”

After finding the mistake, Butler County officials paid for Oros to fly back to California. Meanwhile, the real suspect they were searching for is still on the lam.

The benefit of having your identity stolen in Kentucky, apparently, is a taxpayer financed road trip. Meals, clothing and tour-guide as well as the return flight are provided. You can argue against going on the trip, but those Kentucky public servants are not so easily fooled:

Gaddie told The Daily News of Bowling Green that Oros told them he wasn’t the man they were looking for, “but nearly everyone says that on this type of retrieval.”

Everyone? Does that include people who do not match the mug-shot of the wanted suspect? Funny how that factor is conveniently overlooked. I guess if you trust the word of no-one, then you should probably be prepared with additional forms of verification, no?

“Nobody here in Butler County did anything wrong,” Gaddie said. “Everybody did what they were supposed to do.”

I disagree. The people who were trying to identify a suspect did not use a reliable form of identification. They used a known-faulty and singular data point — a name.

The comment from Gaddie looks like a form of glib reassurance, as though admitting fault would be unacceptable. The “just following procedures” argument is a pathetic excuse in this case. The facts speak for themselves — sloppy work led to an expensive false arrest and detention. Anyone who reads the news knows about identity theft. Sheriffs should be more professional and use caution before blowing a county budget on a wild goose chase.

Oros could have contributed to the confusion when he signed an extradition waiver.

That sounds like “blame the victim”.

The Louisville newspaper reported that Oros asked prison officials in California to verify his claims that he wasn’t the right person, but they apparently didn’t run the check and Oros signed the waiver allowing him to be transferred without a hearing.

“I asked him why he signed the waiver of extradition,” Gaddie said. “And he said he didn’t know what he was signing.”

Or perhaps he knew that he was signing a free road trip across America at the expense of Kentucky tax payers? But seriously, the burden seems to be that a man had to prove his innocence even though the only thing tying him to a crime was his name. Now prison officials, as well as law enforcement officers, are implicated in this strange tale of guilty by name until proven innocent.

Oros told the Louisville paper that he enjoyed the ride to Kentucky – his first trip outside California.

“They fed me good,” he said. “They were entirely nice people.”

Sign up now for your free trip.

When their fingerprints didn’t match, Oros was removed from his cell and officials began making arrangements to get him back home. Oros, who recently graduated from barber college, thanked the deputy jailers by giving them free haircuts.

“They all look good now,” he said.

Mugshot did not match, fingerprint did not match; the only match was the name. Brilliant. Will anybody be told what “they are supposed to do” so this does not happen again? How nice of Oros to let his jailers off the hook. He seems like a very trusting guy.

I doubt the county was motivated to import a recent barber college graduate for haircuts so it still stands to reason that sloppy detective work and lack of information security awareness is at the heart of this sad but funny story.

The Norwegian King’s Guard clearly has a cute sense of honor:

The original Nils Olav first became an honorary member of the regiment in 1972, when a young lieutenant called Nils Egelien visited the penguins at the zoo, but died in the 1980s, and was replaced by the current Nils Olav.

The photo is by the Associated Press and they have a nice collection of similar shots. It really does look like Nils Olav is doing an inspection. I wonder if the guard uses fish oil or similar scent to keep Nils engaged.