On February 16, the U.S. Department of Health and Human Services' Office for Civil Rights' announced a $5.5 million settlement with Memorial Healthcare Systems (MHS) to resolve alleged HIPAA violations. Eric Fader was quoted in an article about the settlement, "Florida Hospital Pays $5.5M to Settle Patient Record Breach," in Bloomberg BNA's Health Care Daily Report and other publications.
The article described how the MHS settlement, which arose out of the improper disclosure of patient records, highlights the importance of keeping track of employees' (and others') access to protected health information. MHS's Resolution Agreement with the OCR highlights yet another new wrinkle, Eric told Bloomberg BNA: "Although I'm sure the OCR has investigated many data breaches that involved audit control and access policies, I don't recall any publicly announced settlements of this nature." The large number of affected individuals (over 100,000) and the size of the penalty likely made this settlement a perfect candidate for publicizing through a press release, he added.
Eric pointed out that the Resolution Agreement is especially interesting because MHS's failure involved not reviewing and terminating employees' rights to access information, as opposed to not having proper procedures in place at all. There was also no indication in the Resolution Agreement that MHS didn't take the breach seriously once it was uncovered, or that it failed to cooperate with the OCR investigation. "The $5.5 million penalty, therefore, strikes me as rather high, but the fact that the breach apparently allowed the wrongdoers to sell individuals' protected health information surely contributed to the severity of the fine," Eric opined.
For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.
Click here for more Healthcare Blogs from Day Pitney
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.