HIPAA Alert: $475,000 Hit for Late Breach Notification By Jeanine Lehman, Attorney

HIPAA Alert: $475,000 Hit for Late Breach Notification By Jeanine Lehman, Attorney

On January 9, 2017, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced the first HIPAA enforcement action and settlement based on the late reporting of a breach of unsecured protected health information (PHI). Presence Health, a large Illinois healthcare network, settled potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. The breach involved missing
paper-based operating room schedules containing the PHI of 836 individuals. Information included individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia. OCR’s investigation revealed that Presence Health failed to notify, without unreasonable delay and within 60 days of discovering the breach, each of the 836 individuals affected by the breach, prominent media outlets (as required for breaches affecting 500 or more individuals), and OCR. The notification was provided by Presence Health 101 days after the discovery of the breach presumably over 40 days late. OCR commented on the settlement.

“Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule’s timeliness requirements” said OCR Director Jocelyn Samuels.


“Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm caused by the breach.”

 

Make today your greatest ever!

 

*** Duane Tinker ***
Chief Compliance Coach & Consultant 
Dental Compliance Specialists

CONNECT WITH DUANE

Dental Compliance Specialists helps make dental offices safer for patients, dentists and their employees. We help our clients develop and maintain their compliance programs including OSHA/Infection Control, HIPAA, DEA regulations and prescribing practices, Radiation Safety, OIG/Medicaid Compliance, Record Auditing, and more by providing actionable systems, easy-to-use tools, robust training, and accountability. Most of our clients have never been in trouble and want to keep it that way. Sometimes, though, dentists call when they are in trouble. In either case, we are there to make a meaningful difference. If you need help call us at 817-755-0035.

Previous Article Next Article