Hackensack Meridian Health and West Caldwell Care Center (WCCC) have been issued a final civil money penalty (CMP) of $100,000 by the Office for Civil Rights (OCR). The OCR has the authority to impose this penalty under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). WCCC has chosen not to contest the findings …
Yakima Valley Memorial Hospital has settled with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) for $240,000 after security guards accessed medical records without authorization. The hospital will update policies and procedures to protect patient information and train employees to prevent future breaches. OCR Director Melanie Fontes Rainer stressed the …
St. Joseph’s Medical Center has settled with the Office for Civil Rights (OCR) over a HIPAA investigation regarding the disclosure of patients’ protected health information to a news reporter. The medical center provided a national media outlet with access to COVID-19 patients’ information without obtaining written authorization. OCR determined that three patients’ information was disclosed, …
Read more “Disclosure of Patients’ Protected Health Information to a News Reporter”
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has settled a ransomware cyber-attack investigation with Doctors’ Management Services, a Massachusetts medical management company. The $100,000 settlement resolves a breach report regarding a ransomware attack that affected the health information of over 200,000 individuals. Doctors’ Management Services will be monitored …
Read more “HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation”
UnitedHealthcare Insurance Company (UHIC) has reached a settlement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) over a potential violation of the HIPAA Privacy Rule’s right of access provision. UHIC agreed to pay $80,000 and implement a corrective action plan. This is the 45th Right of …
The HHS Office for Civil Rights has settled a HIPAA investigation with iHealth Solutions for $75,000. iHealth Solutions, a business associate, experienced a data breach affecting 267 individuals when a network server containing protected health information was left unsecured on the internet. The investigation found evidence of potential failures by iHealth Solutions to analyze risks …
Read more “HHS settles $75,000 HIPAA case with iHealth Solutions over Unsecured Server Disclosure”
From the HHS web site: “Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI), a dental practice with offices in Charlotte and Monroe, North Carolina, impermissibly disclosed a patient’s PHI on a webpage in response to a negative online review. UPI did not respond to OCR’s data request, did not respond or object to an …
Read more “HIPAA Enforcement Action: Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI)”
From the HHS site: “Dr. Donald Brockley, D.D.M., a solo dental practitioner in Butler, Pennsylvania, failed to provide a patient with a copy of their medical record. After being issued a Notice of Proposed Determination, Dr. Donald Brockley, D.D.M requested a hearing before an Administrative Law Judge. The litigation was resolved before the court made …
Read more “HIPAA Enforcement Action: Dr. Donald Brockley, D.D.M.”
From the HHS website “Northcutt Dental-Fairhope, LLC (Northcutt Dental), a dental practice in Fairhope, Alabama, who impermissibly disclosed its patients’ PHI to a campaign manager and a third-party marketing company hired to help with a state senate election campaign, agreed to take corrective action and pay $62,500 to settle potential violations of the HIPAA Privacy …
Read more “HIPAA Enforcement Action: Northcutt Dental-Fairhope, LLC (Northcutt Dental)”
From the HHS website “Jacob and Associates, a psychiatric medical services provider with two office locations in California, agreed to take corrective actions and pay OCR $28,000 to settle potential violations of the HIPAA Privacy Rule, including provisions of the right of access standard.” Resolution Agreement and Corrective Action Plan – PDF*