March 27, 2013

First HIPAA Breach Settlement Involving Less Than 500 Patients Announced

First HIPAA Breach Settlement Involving Less Than 500 Patients Announced

The $50,000 fine assessed on the attached article is a reminder that institutions and physicians need to continue training and vigilance on patient data. Human error, as well as technology issues can lead to significant exposure to fines and censure.

The Hospice of Northern Idaho (HONI) has agreed to pay the Department of Health and Human Services Office for Civil Rights (OCR) $50,000 to settle potential HIPAA violations. This is the first settlement involving a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals. HONI reported to OCR that an unencrypted laptop computer containing the ePHI of 441 patients had been stolen in June 2010.

In a press release, OCR Director Leon Rodriquez stated, “This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.”

As OCR steps up its enforcement of HIPAA rules and regulations, MGMA is hosting a webinar to assist practice professionals in understanding new HIPAA requirements included in the recently released HIPAA Omnibus rule. The 90-minute webinar entitled “HIPAA Omnibus Rule – A practical approach for physician practices” features national HIPAA expert and former OCR regulator Adam Greene, JD, MPH. Practices will learn about the important changes and identify practical compliance approaches.

Source: MGMA Washington Connexion Newsletter from 3.6.2013

Related Industry