Category: HHS/OCR



$500,000 Settlement for Failure to Comply with Basic HIPAA Compliance Requirements

Advanced Care Hospitalists PL (ACH) and the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS-OCR) entered into a $500,000 no-fault settlement and two-year corrective action plan (CAP) to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Physician Provided PHI to Media When “No Comment” Would Have Sufficed

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $125,000 no-fault settlement and two-year corrective action plan with Allergy Associates of Hartford, P.C. (Allergy Associates) stemming from an incident involving a physician who impermissibly released protected health information (PHI) to the media.

Three Separate OCR Settlements Resulting from Hospital Failures to Obtain Patient Authorization for Use of Protected Health Information Before Filming Television Docuseries

The Department of Health and Human Services, Office for Civil Rights (OCR) announced three separate settlements, totaling $999,000, with Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH), respectively, over potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. According to the settlements, the potential violations were the result of the alleged disclosure of patient protected health information (PHI) to ABC News employees during the production and filming of the docuseries “Save My Life: Boston Trauma” at each hospital.

$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation

A U.S. Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) has ruled that the University of Texas MD Anderson Cancer Center violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by failing to encrypt its electronic devices and ordered MD Anderson to pay $4,348,000 in civil monetary penalties to the Office for Civil Rights (OCR). This is the second summary judgment ordered in favor of the OCR in its history, and the fourth-largest amount recovered by OCR for HIPAA violations.

Involuntary Dissolution Does Not Absolve Business Associate of HIPAA Obligations

A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 to the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) in a no-fault settlement regarding potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Filefax, an entity involuntarily dissolved by the Illinois Secretary of State in August 2017, previously provided services to HIPAA covered entities, including storage, maintenance, and delivery of medical records. On February 10, 2015, OCR received an anonymous complaint alleging that an individual had transported medical records obtained from Filefax to a shredding and recycling facility to sell on February 6 and 9, 2015. OCR investigated the matter and confirmed that an individual had left medical records that contained the protected health information (PHI) of approximately 2,150 patients at the shredding and recycling facility. OCR’s investigation indicated that Filefax had either left the PHI in an unlocked truck in its parking lot or granted permission to an unauthorized person to remove the PHI from Filefax, and left the PHI unsecured outside of the Filefax facility.

OCR Kick Starts 2018 with Severe $3.5 Million HIPAA Settlement and Corrective Action Plan

Fresenius Medical Center North America (FMCNA) agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and adopt a two-year comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

The no-fault resolution agreement states that FMCNA reported five separate incidents that occurred between February 23, 2012 and July 18, 2012 at five distinct FMCNA facilities (FMCNA Covered Entities). FMCNA provides centralized corporate support to the FMCNA Covered Entities, including storing patients’ medical records, creating and disseminating HIPAA policies and procedures, and investigating the circumstances surrounding each breach reported to it by the FMCNA Covered Entities.

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.
