July 19, 2019

July 19, 2019

Subscribe to Latest Legal News and Analysis

July 18, 2019

Subscribe to Latest Legal News and Analysis

July 17, 2019

Subscribe to Latest Legal News and Analysis

Another HIPAA Breach, Another 6-Figure HIPAA Settlement

A Colorado Hospital reached a $111,400 settlement with the Office for Civil Rights (“OCR”) for failing to terminate a former employee’s access to electronic protected health information.  OCR’s investigation uncovered that the hospital impermissibly disclosed electronic protected health information of over 500 individuals to the former employee because it failed to terminate that employee’s access.  Additionally, OCR found that the hospital impermissibly disclosed information to Google Calendar, without a business associate agreement.  There are two main takeaways here.

First, with the New Year around the corner, it would be a great time to reexamine your HIPAA policies and procedures.   OCR makes clear that it does not take a breach of protected health information in order to be subject to an enforcement action.  Rather, OCR’s Director states that:  “Covered entities that do not have or follow procedures to terminate information access privileges upon employee separation risk a HIPAA enforcement action. “ Therefore, all organizations must ensure that they have proper procedures and safeguards in place for when employees leave.

Second, covered entities must have business associate agreements in place with all organizations, even web-based platforms, which will maintain, use or disclose electronic protected health information.  As a prophylactic measure in the new year, we recommend conducting an audit of your organization’s vendor agreements, examining (1) whether the vendor maintains, uses or discloses protected health information and (2) if so, whether there is a compliant business associate agreement in place.

© Copyright 2019 Murtha Cullina


About this Author

Daniel Kagan, Murtha Cullina, health care attorney, regulatory compliance lawyer, reimbursement issue legal counsel

Mr. Kagan is an associate in the Health Care Group of Murtha Cullina.  He represents hospitals, physicians and other health care clients with a wide range of regulatory, compliance, risk management and reimbursement issues.

Prior to joining Murtha Cullina, Mr. Kagan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court. 

Mr. Kagan received his J.D. with honors from the University of Connecticut Law School where he was a Notes and Comments Editor ...