Health Information Management

HHS, Providence Health & Services reach Resolution Agreement: Health system agrees to pay $100,000, implement corrective action plan for HIPAA violations

HIPAA Weekly Advisor, July 21, 2008

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The Department of Health and Human Services (HHS) and Providence Health & Services have entered into a Resolution Agreement that includes a payment to HHS and corrective action plan for the Seattle-based health system to settle potential HIPAA privacy and security rule violations that occurred in 2005 and 2006, according to a July 17 HHS press release.
 
In addition to paying the $100,000 resolution amount to HSS, Providence has agreed to a “robust” corrective action plan to help ensure the future protection of its electronic PHI from theft or loss, according to the press release.

The Resolution Agreement comes after two entities within the Providence health system—Providence Home and Community Services and Providence Hospice and Home Care—were involved in several incidents in 2005 and 2006 dealing with the loss or theft of multiple items containing the unencrypted PHI of more than 386,000 patients, according to the press release. The items included laptop computers, optical disks, and electronic backup tapes, all of which HIPAA required Providence to safeguard because they contained patient information.

According to the press release, the corrective action plan requires the following:
  • Revised policies and procedures for physical and technical safeguards relating to storage and transport of devices or media containing PHI, subject to the approval of HHS
  • Work force training for staff members
  • Mandatory audits and facility site visits

  • Submission of compliance reports to HHS for three years 

“We are committed to effective enforcement of health information privacy and security protections for consumers,” Winston Wilkinson, director of the Office for Civil Rights said in the press release. “Other covered entities that are not in compliance with the Privacy and Security Rules may face similar action.”

To view the HHS press release, visit www.hhs.gov/news/press/2008pres/07/20080717a.html.
To view the resolution agreement, visit www.hhs.gov/ocr/privacy/enforcement/resolution.html.



Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Comments

0 comments on “HHS, Providence Health & Services reach Resolution Agreement: Health system agrees to pay $100,000, implement corrective action plan for HIPAA violations

 

  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • Medical Records Briefing

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentaion can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Weekly Monitor

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular

Related Articles