The fear of a HIPAA breach keeps doctors and other health care providers up at night. Two recent HIPAA fines are going to lead to more sleepless nights for doctors, insurers and hospitals.
HHS’s Office of Civil Rights (OCR) recently announced (https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/childrens) a $3.2 million civil monetary penalty against a children’s hospital in Texas related to multiple HIPAA violations over several years. The fine was for breaches involving the theft of an unencrypted BlackBerry and, a few years later, an unencrypted laptop. The large fine was due in part to the OCR’s determination that the facility failed to act even after breaches were experienced and failed to implement security measures recommended by two third parties.
A Florida hospital agreed to pay $5.5 million as part of a resolution agreement (https://www.hhs.gov/sites/default/files/memorial-ra-cap.pdf) after two employees inappropriately accessed patient information such as names, dates of birth and Social Security numbers and later sold the protected health information (PHI). The OCR was particularly critical of the hospital’s failure to regularly review audit logs and access reports as required under the HIPAA Security Rule.
Key Takeaways:
Post authored by Tim Gutwald.