September 16, 2021

Volume XI, Number 259

Advertisement

September 16, 2021

Subscribe to Latest Legal News and Analysis

September 15, 2021

Subscribe to Latest Legal News and Analysis

September 14, 2021

Subscribe to Latest Legal News and Analysis

Another HIPAA Breach, Another 6-Figure HIPAA Settlement

A Colorado Hospital reached a $111,400 settlement with the Office for Civil Rights (“OCR”) for failing to terminate a former employee’s access to electronic protected health information.  OCR’s investigation uncovered that the hospital impermissibly disclosed electronic protected health information of over 500 individuals to the former employee because it failed to terminate that employee’s access.  Additionally, OCR found that the hospital impermissibly disclosed information to Google Calendar, without a business associate agreement.  There are two main takeaways here.

First, with the New Year around the corner, it would be a great time to reexamine your HIPAA policies and procedures.   OCR makes clear that it does not take a breach of protected health information in order to be subject to an enforcement action.  Rather, OCR’s Director states that:  “Covered entities that do not have or follow procedures to terminate information access privileges upon employee separation risk a HIPAA enforcement action. “ Therefore, all organizations must ensure that they have proper procedures and safeguards in place for when employees leave.

Second, covered entities must have business associate agreements in place with all organizations, even web-based platforms, which will maintain, use or disclose electronic protected health information.  As a prophylactic measure in the new year, we recommend conducting an audit of your organization’s vendor agreements, examining (1) whether the vendor maintains, uses or discloses protected health information and (2) if so, whether there is a compliant business associate agreement in place.

© Copyright 2021 Murtha CullinaNational Law Review, Volume VIII, Number 347
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Daniel Kagan, Murtha Cullina, health care attorney, regulatory compliance lawyer, reimbursement issue legal counsel
Associate

Mr. Kagan is an associate in the Health Care Group of Murtha Cullina.  He represents hospitals, physicians and other health care clients with a wide range of regulatory, compliance, risk management and reimbursement issues.

Prior to joining Murtha Cullina, Mr. Kagan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court. 

Mr. Kagan received his J.D. with honors from the University of Connecticut Law School where he was a Notes and Comments Editor ...

203-772-7726
Advertisement
Advertisement
Advertisement