July 9, 2020

Volume X, Number 191

July 09, 2020

Subscribe to Latest Legal News and Analysis

July 08, 2020

Subscribe to Latest Legal News and Analysis

July 07, 2020

Subscribe to Latest Legal News and Analysis

July 06, 2020

Subscribe to Latest Legal News and Analysis

ALJ Judge Upholds OCR’s $4,348,000 Data Breach Penalty on Texas Hospital

HIPAA has teeth.  On June 1, 2018, an Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center violated HIPAA.  In doing so, the ALJ granted the Office of Civil Rights (OCR) summary judgment, requiring the hospital to fork up the $4,348,000 in civil monetary penalties imposed by OCR. 

The underlying facts of this data breach involved the theft of an unencrypted laptop from a physician’s home and the loss of two unencrypted thumb drives.  Combined, this theft and loss compromised the PHI of 33,500 individuals. To make matters worse, upon investigating the breaches, OCR uncovered that the hospital’s own risk analyses, as far back as 2006, found that the Hospital’s lack of device-level encryption was a high risk.  Unfortunately, the hospital did not act on the risk, failing to encrypt its inventory of electronic devices containing PHI.

The important lessons learned here are twofold.  First, take the risks identified by risk analyses seriously.  More importantly, why HIPAA is scalable, entities should try to implement some measures to address the associated risks identified by the analyses.  Second, all covered entities and business associates should ensure that they encrypt portable media devices.  Unfortunately, theft happens and small USB drives are lost or misplaced.  For when the inevitable happens, encryption is one of your best defenses.

© Copyright 2020 Murtha CullinaNational Law Review, Volume VIII, Number 173


About this Author

Daniel Kagan, Murtha Cullina, health care attorney, regulatory compliance lawyer, reimbursement issue legal counsel

Mr. Kagan is an associate in the Health Care Group of Murtha Cullina.  He represents hospitals, physicians and other health care clients with a wide range of regulatory, compliance, risk management and reimbursement issues.

Prior to joining Murtha Cullina, Mr. Kagan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court. 

Mr. Kagan received his J.D. with honors from the University of Connecticut Law School where he was a Notes and Comments Editor ...