Two organizations fined $4.8 million for HIPAA violations
HIM-HIPAA Insider, May 12, 2014
OCR recently slapped two organizations with the largest monetary penalty for HIPAA violations to date: $4.8 million. New York and Presbyterian Hospital (NYP) and Columbia University (CU) submitted a joint breach report to OCR in September 2010 following the unauthorized disclosure of ePHI of 6,800 patients, according to an HHS press release.
NYP and CU are separate covered entities (CE) that are often referred to jointly as New York Presbyterian Hospital/Columbia University Medical Center because many CU faculty members serve as attending physicians at NYP. The two have a shared data network and shared network firewall, according to HHS.
A CU physician accidentally made the ePHI of NYP patients publicly searchable on the internet after deactivating a personally owned computer server on the network, leading to the breach. The OCR investigation revealed that the server lacked appropriate safeguards.
Additionally, NYP and CU failed to take the necessary precautions to ensure the security of the server prior to the breach. Neither CE had recently performed a risk analysis and therefore did not have a risk management plan. NYP lacked necessary database access policies and procedures and did not comply with its information access management policies, according to HHS.
Each CE paid a portion of the total settlement, with NYP paying $3.3 million and CU paying $1.5 million. Each CE agreed to its own corrective action plan (CAP) that highlights the need for performing a risk analysis, developing a risk management plan, revising policies and procedures, training staff, and updating OCR as needed.