Hospital to Pay $1 Million to Settle HIPAA Privacy Claims

The federal government has made clear that it is serious about enforcing the HIPAA Privacy and Security Rules.  Before HITECH’s data breach notification requirements were in place and being enforced, a Massachusetts General Hospital employee took documents containing protected health information (“PHI”) from her bag and placed them on the seat beside her while commuting on the subway. The documents were left on the subway and never recovered.  Unfortunately, the documents included PHI of 192 patients who had been treated in the hospital’s infectious disease practice, including HIV/AIDS patients. 

The hospital and its physicians’ organization have agreed to pay the federal government $1 million in fines related to the subway incident. The hospital has also agreed to develop a comprehensive new privacy policy to prevent patient information from being compromised in the future, which includes providing training to workers. The hospital is required to remit semi-annual compliance reports to the U.S. Dept. of Health and Human Services for the next three years.

“To avoid enforcement penalties, covered entities must ensure they are always in compliance with the HIPAA Privacy and Security Rules,” HHS Office of Civil Rights Director Georgina Verdugo said in a statement. “A robust compliance program includes employee training, vigilant implementation of policies and procedures, regular internal audits, and a prompt action plan to respond to incidents.”

The settlement stems from a 2009 complaint from a patient whose personal health information was lost.

Source: Donnelly, Julie M. Boston Business Journal. 24 Feb. 2011.

© 2011 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com
