
Nearly $5M Settlement for ePHI Breach Underlines Data Security Concerns

If you ever wonder whether you should be concerned about HIPAA compliance, think about this latest Office of Civil Rights (OCR) settlement with New York Presbyterian Hospital (NYP) and Columbia University Medical Center (CU).

On September 27, 2010, NYP and CU filed a joint breach report disclosing the breach of electronic protected health information (ePHI) of 6,800 individuals, which included patient status, vital signs, medications and laboratory results. The OCR investigated and concluded that neither entity had an adequate risk management plan to address potential threats and hazards to the security of ePHI. As a result, NYP paid a monetary settlement of $3,300,000 and CU paid $1,500,000. In addition, both entities are to undertake a risk analysis, develop a risk management plan, revise policies and procedures, train staff and provide progress reports. Christina Heide, OCR’s Acting Deputy Director of Health Information Privacy, was quoted as stating that “our cases against NYP and CU should remind health care organizations of the need to make data security central to how they manage their information systems.”

Here’s a link to the OCR press release for this settlement: http://www.hhs.gov/news/press/2014pres/05/20140507b.html.

Making data security central to how you manage your information systems is vital to avoiding privacy breaches. Be sure to ask a trusted attorney about your HIPAA/HITECH compliance to ensure you’re abiding by the law.

By Denise Bloch
