Presence Health settles HIPAA breach suit for $475,000

http://www.healthcareitnews.com/news/presence-health-settles-hipaa-breach-suit-475000

The Office for Civil Rights said the Presence suit marks the first HIPAA enforcement action it imposed on a provider for lack of timely breach notification.

By Bernie Monegain

Presence Health, one of the largest healthcare networks in Illinois, has agreed to pay a $475,000 fine for failing to report a breach of unsecured protected health information in a timely manner.

Officials at the Department of Health and Human Services, Office for Civil Rights, which enforces the Health Insurance Portability and Accountability Act, noted it is the first settlement based on untimely reporting.

On January 31, 2014, OCR received a breach notification report from Presence indicating that on October 22, 2013, the health system discovered that paper-based operating room schedules, which contained the PHI of 836 individuals, were missing from the Presence Surgery Center at the Presence St. Joseph Medical Center in Joliet, Ill. The information consisted of the affected individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia. 

OCR’s investigation revealed that Presence Health failed to notify, without unreasonable delay and within 60 days of discovering the breach – as required by law – each of the 836 individuals affected.

“Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule’s timeliness requirements,” OCR Director Jocelyn Samuels said in a statement. “Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm.”

Twitter: @Bernie_HITN

Memorial Hermann ordered to pay $2.4 million over immigrant incident




http://www.healthcareitnews.com/news/memorial-hermann-ordered-pay-24-million-over-immigrant-incident

Patient was arrested for showing a fake Social Security card, but Texas health system was still held liable for releasing name.

By Susan Morse

Memorial Hermann Health System has gotten slapped with a $2.4 million fine after being found liable for breaking HIPAA rules by releasing the name of a patient who was arrested, even though the identity became public through police records.

Memorial Hermann Health System has agreed to pay $2.4 million to the U.S. Department of Health and Human Services to settle potential violations of the Health Insurance Portability and Accountability Act, according to HHS.

In September 2015, a patient at one of Memorial Hermann’s clinics presented an allegedly fraudulent identification card to office staff, according to HHS. Staff immediately alerted authorities, and the patient was arrested. 

That disclosure was permitted under the HIPAA Rules, HHS said. But the Texas health system subsequently violated HIPAA by publishing a press release with the patient’s name in the title of the document.

Between Sept. 15 and 19, 2015, Memorial Hermann disclosed the patient’s name through press releases issued to 15 media outlets and reporters, HHS said. Senior hospital executives also disclosed the patient’s protected information to an advocacy group, state representatives, a state senator, and on its website.

The patient was 44-year-old Blanca Borrego, an immigrant from Mexico who was arrested at a gynecologist’s office after presenting a fake ID, according to the Houston Chronicle. She had lived in the Houston area for 12 years and had no record of prior arrests, the report said.

Protestors of the incident stood outside of the medical office and said hospitals, as well as churches, should be safe zones for immigrants.

Borrego’s fate since the 2015 incident is not known. At least one of her three children is reportedly an American citizen. 

Under the resolution agreement, signed on April 20 by Memorial Hermann President and CEO Benjamin Chu, MD, the health system agrees to pay the U.S. Department of Health and Human Services $2.4 million and to adopt a comprehensive corrective action plan.

The action plan requires MHHS to update its policies and procedures on safeguarding private information from impermissible uses and to train its workforce. 

The HHS Office for Civil Rights initiated a compliance review of Memorial Hermann based on multiple media reports suggesting that it disclosed the patient’s protected health information without an authorization. 

“Senior management should have known that disclosing a patient’s name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response,” said OCR Director Roger Severino. “This case reminds us that organizations can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless continue to protect patient privacy when making statements to the public and elsewhere.”

Memorial Hermann is a nonprofit health system comprised of 16 hospitals and specialty services in the Greater Houston area.

Twitter: @SusanJMorse


Lack of timely action risks security and costs money


You’ve Had a Health Data Breach – Now What?


Incident Response: Best Practices for Incident Response in the Event of a Data Breach

