News & Information

Data Breach Results in $4.8 Million HIPAA Settlements

Two health care organizations recently agreed to settle charges that they potentially violated the Privacy and Security regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by failing to secure thousands of patients' electronic protected health information (ePHI) held within their network. The cash payments of $4,800,000 are the largest HIPAA settlement to date.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started its investigation of New York & Presbyterian Hospital (NYP) and Columbia University (CU) after they completed a joint breach report, dated September 27, 2010, concerning the disclosure of the ePHI of 6,800 individuals, including patient statuses, vital signs, medication, and lab results.

Articles

2 Stolen Laptop Incidents Lead to Penalties

Relatively Small Breaches Result in Hefty Fines.

The Department of Health and Human Services has entered HIPAA settlements totaling nearly $2 million with two covered entities that reported relatively small breaches involving stolen unencrypted laptop computers.

The news is significant because the most common cause of major healthcare data breaches listed on the official HHS breach tally is lost or stolen unencrypted devices or media, with laptops frequently involved.

OCR will likely be looking at why it took Valley View Hospital five months to discover the malware

Abner was interviewed by Roger Adams on Aspen Public Radio in a follow-up on the VVH incident.
"While it would appear on the surface that hospitals that get hacked are victims of the hackers, Weintraub says there is an important distinction."

"If the homeowner was somehow responsible for protecting medical records, gold bars or other valuables in their home and had accepted their responsibility under the law and were regulated accordingly and then the problem occurred and their home was broken into. In that case it would be appropriate to fine the homeowner for their home being broken into."

VVH Hacked: 5400 Patient Records Breached

Abner was interviewed by Roger Adams on Aspen Public Radio following the VVH incident.

"So, a collection of a hundred medical records including socials, home address, diagnoses, physician's name, dates of service, things like that; a collection of a hundred or a thousand or ten thousand medical records represents cash."

"The attackers, the hackers, are up all night. Most IT security departments are not. They tend to have automated systems that are around the clock but the threat is very real and it's an enormous threat. Attacks continue to be successful in the health care community or against health care targets."

Copyright © 2021 Abner E. Weintraub - Expert HIPAA Consulting