Skip to content

Physician Law Blog

We provide insights and analysis for physicians, nurses, chiropractors, dentists, physical therapists and other health professionals on issues impacting their practices.

Physician Law Blog
October 14, 2015

HIPAA News - $750,000 Settlement Following Stolen Laptop

Ever wonder if the Office of Civil Rights (“OCR”) is serious about the requirements for a HIPAA Security risk analysis and policy specific to removing hardware and electronic media containing ePHI from a covered entity’s facility? Yes, the OCR is extremely serious about those requirements as Cancer Care Group, P.C. (“Cancer Care”), a radiation oncology private practice, with 13 radiation oncologists discovered after reporting a breach of ePHI.

Physician Law Blog
July 13, 2015

Happy HIPAA Times - Medical Center Settles with the OCR for Use Of Internet-Based Document Sharing

The OCR announced a settlement of $218,400 along with adoption of a robust plan of correction with St. Elizabeth’s Medical Center (SEMC) of Brighton, MA for alleged HIPAA violations. Before the settlement, SEMC had two different events leading up to it entering the resolution agreement with HHS. The first allegation involved a complaint to the OCR that employees were using an internet-based document sharing application to store ePHI without analyzing the associated security risks, exposing at least 498 individuals’ ePHI.

Physician Law Blog
April 30, 2015

Happy HIPAA Thursday - Paper Records Count too!

Just ask Cornell Prescription Pharmacy about disposal of unshredded paper pharmacy records containing protected health information (PHI), and you will hear that this pharmacy paid $125,000 plus it has entered a Resolution Agreement with the OCR. Not only is this pharmacy paying a significant penalty, it will be under a corrective action plan to correct deficiencies in their HIPAA compliance program and must submit the members of their workforce to receive training on that program within 30 days of implementing the policies and procedures.

Physician Law Blog
April 23, 2014

HIPAA Update - OCR Takes Unencrypted Laptops Seriously

OCR issued an update regarding two important HIPAA settlements involving theft of unencrypted laptops. The first involved Concentra Health Systems report of a breach that an unencrypted laptop was stolen from the Springfield Missouri Physical Therapy Center. After concluding that Concentra had previously recognized its lack of encryption in multiple risk analyses, its efforts to protect patient PHI remained vulnerable due to incomplete and inconsistent encryption. As a result, Concentra agreed to pay OCR $1,725,220 to settle the violations and will be implementing a corrective action plan to remediate the findings.