HHS Makes Changes to HIPAA Civil Monetary Penalty Caps

The U.S. Department of Health and Human Services (HHS) has issued a notification that it is changing the way it applies the assessment of Civil Money Penalties (CMPs) against those who violate the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) […]

Hospital Employees Fired for Celebrity Snooping

You’ve heard the saying “curiosity killed the cat,” well in the case of dozens of hospital employees, curiosity may have killed their careers. Earlier this month, Chicago’s Northwestern Memorial Hospital fired dozens of employees who allegedly accessed the medical records of actor Jussie Smollett without authorization, according to numerous published reports. The Empire actor was […]

HIPAA Enforcement tops $28M in 2018

If it seems as if HIPAA violations were in the news more often than ever last year, that may be because 2018 saw an all-time record year in HIPAA enforcement activity. There were 10 cases settled and one judgement secured by the Office of Civil Rights (OCR) of the U.S. Department of Health and Human […]

Hospital Fails to Terminate Former Employee’s Access to HIPAA-Protected Data

A recent HIPAA enforcement action should serve as a reminder to healthcare organizations of the need to terminate an employee’s access to patients’ electronic protected health information (ePHI) immediately after that employee leaves the organization. The most recent action – the third within a month – involved Pagosa Springs Medical Center in Colorado. The critical […]

Failure to Have Business Associates Agreement in Place Proves Costly

 A medical group practice based in Lakeland, Fla. must pay $500,000 to settle potential HIPAA violations and adopt a substantial corrective action plan after a data breach that could have affected more than 9,000 patients was discovered. According to the Office for Civil Rights of the U.S. Department of Health and Human Services, between November […]

Allergy Center’s HIPAA Fine Nothing to Sneeze at

A Connecticut healthcare provider recently learned it’s better not to comment in public about a patient, even if that patient has disclosed his or her own protected health information (PHI) to others. The incident involved Allergy Associates of Hartford, a provider specializing in the treatment of patients with allergies. The patient called a local television […]

How an Innocent Social Media Post Can Turn Into a HIPAA Violation

A Texas nurse recently learned that you don’t have to identify a patient by name to violate Health Insurance Portability and Accountability Act (HIPAA) rules. According to a number of published reports, the unidentified woman, who worked as an ICU/ER  nurse, was fired from her job with Texas Children’s Hospital in Houston after posting about […]

HIPAA Violation Results in $4.3M Fine for Cancer Center

If you haven’t taken stringent measures to protect patient privacy, this recent ruling from a U.S. Department of Health and Human Services Administrative Law Judge might spur you into action. The ALJ ruled that University of Texas MD Anderson Cancer Center violated HIPAA Privacy and Security Rules and granted summary judgment to the Office for […]

Dumpster Diver Demonstrates Importance of Proper Medical Record Storage and Disposal

Just because a business closes its doors, it doesn’t mean that it no longer is obligated to safeguard patients’ protected health information (PHI), as one company recently learned. Earlier this month, the receiver appointed to liquidate the assets of Filefax, Inc. agreed to pay $100,000 out of the receivership estate to settle potential HIPAA violations. […]

What You Should Know About OCR’s HIPAA Privacy Audits

Have you received a request from HHS Office for Civil Rights (OCR) asking that you provide the name of your privacy official along with any additional criteria? If you have, then you likely are aware that you may be the focus of a HIPAA privacy audit. This is part of the Phase 2 HIPAA Audit […]

Material presented on the Health Law Offices of Anthony C. Vitale's website is intended for information purposes only.

It is not intended as professional advice and should not be construed as such.