Recent 3.9 Million HIPAA Settlement Over Improper Disclosure of Research Participant PHI Highlights Need for HIPAA Compliance

On March 17, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) announced a $3.9 million settlement with Feinstein Institute for Medical Research for potential violations of the HIPAA Security Rules. OCR began an investigation after Feinstein filed a breach report indicating that a laptop computer containing electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI at issue included research participant names, dates of birth,… Read More >

Recent HIPAA Settlement Involves Disposal of Unsecured Paper Records Containing Protected Health Information

On April 27, 2015, The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an agreement with Cornell Prescription Pharmacy (Cornell) to settle potential violations of the HIPAA Privacy Rule. In its Resolution Agreement, Cornell has agreed to pay $125,000, implement comprehensive policies and procedures in compliance with the HIPAA Privacy Rule, and provide staff training. Cornell, a small, single-location pharmacy in Denver, Colorado, was the subject of an OCR compliance review and investigation after a… Read More >

$800,000 HIPAA Settlement Related to Disposal of Medical Records

On June 23, 2014, the Department of Health and Human Services Office for Civil Rights (OCR) announced an $800,000 settlement with Parkview Health System, Inc. in connection with potential HIPAA violations. According to the OCR press release, Parkview agreed to pay $800,000 and adopt a corrective action plan to address deficiencies in its HIPAA compliance program. OCR indicated it opened an investigation after receiving a complaint from a retiring physician alleging violations of the HIPAA Privacy Rule. The press release… Read More >

Reminder Postcards for Satisfaction Survey Result in HIPAA Privacy Rule Violation

On May 2, 2014, the Maryland Department of Health and Mental Hygiene issued a press release regarding a HIPAA Privacy Rule violation by a subcontractor of the Developmental Disabilities Administration (DDA). Specifically, the DDA contracts with vendor Inclusion Research Institute who subcontracts with M. Davis and Company to conduct quality of life surveys for individuals receiving DDA services. In February 2014, M. Davis and Company mailed postcards to approximately 2200 individuals to remind them to complete and return a satisfaction… Read More >