Health care

Health System Hit with More than $2 Million in Civil Penalties under HIPAA

By Edward I. Leeds on October 25, 2019

Posted in Data Breach, Health Information Technology for Economic and Clinical Health Act (HITECH), Health Insurance Portability and Accountability Act (HIPAA), Identity Theft, Incident Response, Investigation, Personal Information

Following on the heels of a few relatively small HIPAA settlements, the U.S. Department of Health and Human Services Office of Civil Rights (OCR) announced that it has imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for its failure to meet HIPAA privacy and security requirements. The OCR announcement and accompanying…

Beware the Bright Lights

By Edward I. Leeds on September 25, 2018

Posted in Health Information Technology for Economic and Clinical Health Act (HITECH), Health Insurance Portability and Accountability Act (HIPAA)

The Office of Civil Rights of the Department of Health and Human Services has announced settlements with three different Boston-area hospitals for allegedly compromising the privacy of protected health information by inviting documentary film crews on premises without first obtaining patient authorization. The three settlements call for a total of almost $1 million in penalty payments and require each of the hospitals to undertake corrective action. The corrections are not the same for each hospital and range from workforce education and communication to the establishment of specific procedures, for example, for deciding when to allow media access and for putting safeguards in place to monitor film crew activity.
Continue Reading Beware the Bright Lights

Closure of Business Does Not Foreclose HIPAA Liabilities

By Edward I. Leeds on February 14, 2018

Posted in Data Breach, Health Information Technology for Economic and Clinical Health Act (HITECH), Health Insurance Portability and Accountability Act (HIPAA), Privacy Law and Regulation

Filefax, Inc., a health care records moving and storage company that served as a business associate, went into receivership in 2016. But its receivership did not put an end to an OCR investigation into a HIPAA violation from 2015. Now, the receiver for Filefax has agreed to pay a fine of $100,000 and to properly store, inventory, and dispose of the medical records remaining in its possession under HHS supervision.

The investigation began with a complaint that OCR received about the exposure of a large volume of documents containing protected health information. The investigation confirmed that an individual had left medical records of approximately 2,150 patients at a shredding and recycling facility and that Fllefax had either left the PHI in an unlocked truck in the Filefax parking lot or granted permission to a person to remove the PHI from Filefax and left the PHI, unsecured, outside the Filefax facility for that person to collect.
Continue Reading Closure of Business Does Not Foreclose HIPAA Liabilities

Menu

CyberAdviser

Health care

Health System Hit with More than $2 Million in Civil Penalties under HIPAA

Beware the Bright Lights

Closure of Business Does Not Foreclose HIPAA Liabilities

CyberAdviser

Contact

About