September 29, 2020

Volume X, Number 273

September 29, 2020

Subscribe to Latest Legal News and Analysis

September 28, 2020

Subscribe to Latest Legal News and Analysis

Unauthorized TV Cameras in Hospitals Yield Costly HIPAA Penalties of $999,000

For the second time in as many years, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into settlement agreements with and levied hefty fines on three hospitals that allegedly impermissibly disclosed patients’ protected health information to ABC News in the course of filming a television network documentary series.  OCR announced on September 20 that Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital each reached agreements with HHS in which they agreed to pay a collective $999,000 to settle potential violations of the HIPAA Privacy Rule.  According to each of the settlement agreements, HHS alleges that the covered entities allowed film crews into patient areas of the hospitals in late 2014 and January 2015 without appropriately safeguarding patients’ PHI from disclosure.  In April 2016, a New York hospital agreed to pay $2.2 Million and enter into a settlement agreement and corrective action plan with OCR for similar alleged HIPAA violations that occurred during the filming of the television show “NY Med.”

The take away for covered entity providers, here, is that written authorization from patients must be obtained prior to allowing media personnel to enter non-public areas of facilities and especially prior to allowing filming of patients for non-clinical purposes, including for medical documentaries, news pieces, or tv dramas.  As OCR made clear in its FAQ guidance document on this topic, it is not sufficient to simply require the film crew to later obscure the identity (via blurring, pixilation, or voice alteration) of any patients whose image or voice were recorded but who did not provide written authorization because the HIPAA Privacy Rule does not allow media access to the patients’ PHI in the first place absent an authorization.   When providers require filming services to produce training videos or marketing materials in which patients are identified or PHI may be accessible, entering into a HIPAA business associate agreement is the best practice in addition to obtaining prior written authorizations from patients whose PHI is included in any public materials.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume VIII, Number 276


About this Author

Jennifer Tharp, Environmental Attorney, Cleveland, Squire Patton Boggs Law Firm

Jennifer Tharp is an associate in the Environmental, Safety & Health group. During law school, she completed a summer internship with a private research university, where her projects included regulatory analysis for counsel of both the university and health system. She also worked as a research assistant for a nonprofit operating federally funded research and development centers on tasks including policy analysis and compliance.

She provides clients with assistance in environmental, safety and health-law sectors. 

+1 216 479 8537