Breaking Compliance News Blog

* Breaking News: OCR announces $1.6 million HIPAA penalty

Posted by Margaret Scavotto, JD, CHC on 11/7/19 3:04 PM

This afternoon, the Office for Civil Rights announced its second HIPAA enforcement this week - this time, with a governmental agency. 

The Texas Health and Human Services Commission (TX HHSC) received a $1.6 million civil monetary penalty from the OCR for HIPAA Privacy and Security violations committed by the Texas Department of Aging and Disability Services (DADS), which is now part of TX HHSC.

In 2015, DADS notified OCR of a breach after it discovered that the ePHI for 6,617 individuals was accessible via the internet. OCR explains:

Read More

Topics: HIPAA, data breach, security, breach notification

* Breaking News: $3 million unencrypted mobile device HIPAA settlement

Posted by Margaret Scavotto, JD, CHC on 11/5/19 3:36 PM

This afternoon, the Office for Civil Rights (OCR) announced a $3,000,000 HIPAA settlement with the University of Rochester Medical Center (URMC). This settlement resolves Privacy and Security Rule allegations.

Read More

Topics: HIPAA, data breach, security

OCR announces $2.15 million HIPAA settlement

Posted by Margaret Scavotto, JD, CHC on 10/31/19 1:47 PM

 

Jackson Health System (JHS), a not-for-profit medical system in Miami, entered a $2.15 million settlement with the OCR to resolve potential violations of the Security and Breach Notification Rules.

In January 2013, JHS lost paper records for 756 patients. JHS reported this breach to the OCR in August 2013. During its investigation, JHS learned that three additional boxes of records affecting 1,436 patients were lost in December 2012; and JHS reported this breach to the OCR in June 2016.

In February 2016, JHS notified the OCR that an employee inappropriately accessed 24,000 patient records since 2011, and sold some patient PHI.

 

Upon investigating, the OCR found:

Read More

Topics: HIPAA, security, breach notification

Smartphones: The biggest HIPAA and abuse offenders

Posted by Margaret Scavotto, JD, CHC on 10/16/19 6:27 AM

It can be a HIPAA problem and an abuse problem: when nursing home staff take pictures of residents with their smartphones. Here’s an example.

CNA took photo of deceased resident and shared it to Snapchat

Five CNAs at a New York nursing home took photos and videos of residents—including one deceased resident—on their cell phones and shared them on Snapchat

The nursing home was notified of the incident when a member of the public called the administrator and reported that a CNA sent her a photograph of a deceased resident. This CNA admitted taking and sharing photos and videos of eight residents. Her reason for photographing the man who died was “because she was upset that the resident had passed away.” She also took five videos of another resident “mostly yelling and swearing” and sent them to another CNA.

Another CNA admitted that “everyone on the unit on the evening shift was using their cell phones.”

Read More

Topics: HIPAA, abuse, skilled nursing

Breaking News: First social media HIPAA settlement!

Posted by Scott Gima on 10/8/19 7:15 AM

 

Whenever a settlement agreement is announced, the OCR is sending a message to all providers. On October 2nd, The OCR announced a $10,000 settlement agreement with Elite Dental Associates in Dallas Texas. At first glance, it is easy to overlook this settlement; $10,000 does not seem to be a big deal when there are other cases with fines in the millions of dollars. For example, Anthem paid a record $16 million following the PHI breach of close to 79 million people; the largest health data breach in history. So what is the big deal? Or more importantly, what are the lessons to be learned from this breach? There are several.

Read More

Topics: HIPAA, Social Media

HIPAA question of the day: Do your employees snoop?

Posted by Margaret Scavotto, JD, CHC on 9/24/19 8:07 AM

Nurse snooped records of 1,309 patients

A medical center employee snooped medical records of 1,309 patients over 15 months. The nurse looked up records for patients assigned to herself, or to another nurse - but did not have a treatment reason to view the records. The patients were notified.

Car accident leads to firing of 12 employees for snooping

A health system suspended approximately 12 employees while it investigated a potential HIPAA breach. The investigation likely involves a fatal motor vehicle accident involving a health system employee. The driver and another passenger from the car accident were treated at local hospitals for injuries.

Receptionist fired for looking up co-worker contact info in EHR

Read More

Topics: HIPAA

Email HIPAA Breaches On the Rise

Posted by Margaret Scavotto, JD, CHC on 9/18/19 7:29 AM

According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR), email breaches are on the rise.

The OCR maintains a database of breaches of unsecured protected health information affecting at least 500 individuals. MPA crunched some numbers, looking at OCR breach reports still under investigation for each six month period for the past 24 months. The number of email breaches reported to the OCR between the second half of 2017 and the first half of 2019 more than quintupled.

Let’s look at some real world examples to see how email use can breach HIPAA.

Read More

Topics: HIPAA, data breach, security

* Breaking News; OCR enters first HIPAA settlement in Right of Access Initiative

Posted by Margaret Scavotto, JD, CHC on 9/9/19 12:36 PM

* Breaking News *

The Office for Civil Rights (OCR) just announced its first settlement in the HIPAA Right of Access Initiative. 

Bayfront Health St. Petersburg paid an $85,000 settlement and entered a corrective action plan with the OCR to resolve allegations that it violated the HIPAA Privacy Rule by denying a patient the right to timely access to the medical records of her unborn child.

Read More

Topics: HIPAA

Not-for-profit provider hit with ransomware twice in four months

Posted by Scott Gima on 8/28/19 6:35 AM

A not-for-profit community health center that provides health care for low-income and uninsured patients experienced two ransomware attacks in a four-month period. 

 

The first attack shut down computers for three weeks while the center rebuilt its systems from backups, and did not pay the ransom. This approach is consistent with industry advice for two reasons. First, there is no guarantee that the data will be reinstated after ransom is paid. Second, paying ransom encourages future ransomware attacks.

The second attack likewise locked the center out of its medical records.

Read More

Topics: HIPAA, data breach, security

Nursing home sued after aides taunt resident on Snapchat

Posted by Margaret Scavotto, JD, CHC on 8/22/19 7:37 AM

Two nursing home certified nurse aides were fired and charged with disorderly conduct after filming a 91-year old resident in distress and posting the video to Snapchat. 

The two aides allegedly took a video recording of the resident in distress, while they waved a gown in her face - and the resident tried to push it away. The video caption read: "[Resident name] hates gowns," and was accompanied by laughing/crying emojis. Staff at the nursing home were aware that this resident did not care for hospital gowns.

Read More

Topics: HIPAA, abuse, skilled nursing

    Privacy Policy           Terms of Use