If it seems as if HIPAA violations were in the news more often than ever last year, that may be because 2018 saw an all-time record year in HIPAA enforcement activity.
There were 10 cases settled and one judgement secured by the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services totaling $28.7 million. That figure surpassed the previous record of $23.5 million from 2016 by 22 percent.
The biggest chunk of that was $16 million, which came from a settlement with Anthem for one of the most extensive data breaches in U.S. history. Amounts paid by others ranged from $100,000 by Filefax in January 2018 to a $4.3 million judgment in June against the University of Texas MD Anderson Cancer Center. Although OCR usually negotiates settlements, in the case of MD Anderson, it contested OCR’s decision. The matter was referred to an Administrative Law Judge who upheld OCR’s penalty.
Other breaches that resulted in settlements included:
- January: Fresenius Medical Care North America – $3.5 million
- August: Boston Medical Center – $100,000
- September: Brigham and Women’s Hospital – $384,000
- September: Massachusetts General – $515,000
- September: Advanced Care Hospitalists – $50,000
- October: Allergy Associates – $125,000
- November: Pagosa Springs – $111,400
- December: Cottage Health – $3 million
In the settlements involving Boston Medical Center, Brigham and Massachusetts General, patient privacy was alleged to have been compromised when television crews were invited to film a documentary series and filmed patients without first obtaining authorization.
The final settlement of the year with California-based Cottage Health, which operates four hospitals, was the result of two separate data breaches, one in December 2013 and the other in December 2015 involving more than 62,500 individuals.
In this digital age, it has becoming increasingly important for healthcare providers and facilities to make sure that patients health information remains protected. New threats emerge daily. Being proactive is critical. Organizations should undertake risk assessments designed to detect any potential threats or vulnerabilities. Having a compliance program in place is critical and can save you headaches, not to mention significant money.
The Health Law Offices of Anthony C. Vitale’s highly skilled team of experienced legal professionals can help you to create a HIPAA Privacy and Security compliance program designed to meet your unique needs. Give us a call at 305-358-4500 or send an email to info@vitalehealthlaw.com and let’s discuss how we might be able to assist you.
Ready to find out more?
Call 305-358-4500 to schedule a
FREE 15-minute consultation today!