• E-mail
• Print
• RSS

Health system agrees to pay $100,000 for HIPAA violations

Healthcare Security Weekly, July 28, 2008

Hospitals that aren’t taking the security of patients’ medical information seriously, may want to step up their efforts.

The Department of Health and Human Services (HHS) and Providence Health & Services have entered into a Resolution Agreement that includes a payment to HHS and corrective action plan for the Seattle-based health system to settle potential HIPAA privacy and security rule violations that occurred in 2005 and 2006, according to a July 17 HHS press release.

In addition to paying the $100,000 resolution amount to HSS, Providence has agreed to a “robust” corrective action plan to help ensure the future protection of its electronic protected health information (PHI) from theft or loss. The Resolution Agreement comes after two entities within the Providence health system—Providence Home and Community Services and Providence Hospice and Home Care—were involved in several incidents in 2005 and 2006 dealing with the loss or theft of multiple items containing the unencrypted PHI of more than 386,000 patients. The items included laptop computers, optical disks, and electronic backup tapes, all of which HIPAA required Providence to safeguard because they contained patient information.

• E-mail to a Colleague
• Print
• RSS
• Archive