October 21, 2021

Volume XI, Number 294

Texas Hospital Ordered to Pay $4.3M for Failure to Implement its HIPAA Security Policies

A Texas hospital was recently ordered by an administrative law judge to pay a $4,300,000 penalty for three data breaches over the course of 2012 and 2013 that exposed the personal health information – including social security numbers, patient names and treatment records – of more than 33,000 individuals in violation of HIPAA. The specific incidents related to the theft of an unencrypted laptop and the loss of unencrypted USB flash drives, both of which contained electronic personal health information.

In reaching his decision against the hospital, the University of Texas MD Anderson Cancer Center, the judge noted that although the hospital developed and approved written encryption policies and protocols in 2006, it did not fully implement them. For example, full encryption had still not been achieved in November 2013. The judge rejected the argument that encryption of the exposed data was not required under HIPAA because the data was used for research purposes.

Putting it Into Practice: This decision is a reminder that it is not enough to create policies, procedures and protocols. Regulators will look to see that they have been implemented as well. This is a good reminder not only for those in the healthcare field, but in other industries as well.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP. National Law Review, Volume VIII, Number 186

About this Author

Matthew Shatzkes
Partner

Matthew Shatzkes is a partner in the Corporate Practice Group in the New York office of Sheppard Mullin and is a member of the firm’s healthcare practice team.

Areas of Practice

Matthew provides strategic, regulatory, compliance, and transactional advice to all manner of health care clients, including health systems, hospitals, academic medical centers, long-term care providers, ambulatory surgery centers, diagnostic and treatment centers, physician practices, digital health companies and investors....

212-634-3062