Health Information Management

Liability insurer contests claims for data breach, says hospital failed to follow basic security protocols

HIM-HIPAA Insider, June 15, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

A California hospital network that agreed to a $4.13 million settlement to a class-action lawsuit for exposing the PHI of more than 32,000 patients is now getting pushback from its liability insurance provider about paying the claims. The insurer says Cottage Health System didn’t take the minimum security measures to protect the PHI.
 
In December 2013, it was discovered the health system and a third-party vendor, InSync, stored patients’ unencrypted electronic medical records on a database accessible to the Internet. So, potentially, patients’ PHI could have showed up in an online search engine for the world to see. There was no evidence that actually happened at the time, but Cottage Health had to notify 32,755 patients there PHI may have been publicly exposed.
 
The health system then agreed to settle a class-action lawsuit brought by the patients. Chicago-based Columbia Casualty Company, Cottage Health’s liability insurer, paid the bill but then filed a complaint in federal court in May 2015, seeking repayment of the insurance claims.
 
The insurer says Cottage Health gave false responses to a risk control assessment when it applied for the liability policy and failed to implement basic security measures, such as having a system in place to detect unauthorized access to PHI or regularly re-assess its information security exposure.
 
The case is now winding its way through U.S. District Court for Central California.

This article appeared on HCPro’s
HIPAA Update blog. Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.
 



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular