August 15, 2022

Volume XII, Number 227

Breach Report Leads to $1.5 Million HIPAA Security Settlement

A Massachusetts provider, yesterday, agreed to pay $1.5 million to settle potential violations of the HIPAA Security Rule.  The provider also agreed to abide by a corrective action plan requiring improvement in policies and procedures to safeguard the privacy and security of patient protected health information (PHI) and retain an independent monitor for a three-year period. 

The settlement comes after an investigation from the U.S. Department of Health and Human Services Office of Civil Rights (OCR) following a breach report submitted by the provider.  The breach report noted the theft of an unencrypted personal laptop containing electronic PHI (ePHI) of the provider’s patients and research subjects.  OCR found that the provider failed, over an extended period of time, to comply with various Security Rule requirements including:

  • Conducting a thorough risk analysis regarding the confidentiality of ePHI maintained on portable devices
  • Implementing security measures sufficient to ensure the confidentiality of ePHI that the provider created, maintained, and transmitted using portable devices
  • Adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices
  • Adopting and implementing policies and procedures to address security incident identification, reporting, and response.

OCR noted that the provider’s continued failures demonstrate “a long-term, organizational disregard for the requirements of the Security Rule.”  Yesterday’s settlement is a large settlement for alleged provider HIPAA violations.  It emphasizes the need for providers to consistently update their risk analysis and policies and procedures, prioritize HIPAA compliance, and maintain compliance programs with continued monitoring.

©2022 von Briesen & Roper, s.c.
National Law Review, Volume II, Number 262

About this Author

von Briesen & Roper’s Health Law Section provides comprehensive legal services to the health care industry nationwide as both general counsel and special project counsel. Our clients include integrated delivery systems, academic medical centers, community hospitals, Catholic-sponsored hospitals, rural and critical access hospitals, imaging centers, physicians and multi-specialty clinics, specialty hospitals, ancillary suppliers, home health agencies, nursing homes, hospices, assisted living facilities, mental health and AODA facilities, DME suppliers, laboratories,...

414-287-1514