The Office for Civil Rights (OCR) recently announced settlements with healthcare-related entities, including:

  • The OCR entered into a settlement with The Center for Children’s Digestive Health (CCDH) for $31,000.  CCDH is a small for-profit health care provider with seven locations in Illinois. The settlement arose out of an OCR compliance review initiated in August 2015 after an investigation of a CCDH business associate that stored inactive paper medical records for CCDH.  While CCDH had been disclosing PHI to the vendor since 2003, neither party could produce a business associate agreement in effect prior to October 12, 2015.  In addition to the settlement payment, CCDH has also entered into a corrective action plan with OCR.
  • The OCR issued a press release announcing that it has settled alleged HIPAA violations with MHHS for $2.4 million for disclosing PHI in a media press release.  According to the Resolution Agreement it has inked with the OCR, MHHS must also implement a corrective action plan, including updating its policies and procedures, training staff and requiring all of the facilities in the system to “attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media.”  Read more here.
  • The OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, a wireless health services provider based in Pennsylvania, for $2.5 million.  CardioNet self-reported a data beach in January 2012, stating that an unencrypted laptop of one of its employees was stolen from a vehicle parked outside the employee’s home.   CardioNet self-reported a data beach in January 2012, stating that an unencrypted laptop of one of its employees was stolen from a vehicle parked outside the employee’s home. Read more here.

These posts are also being shared on our Data Privacy +Security Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Pamela Del Negro Pamela Del Negro

Pamela H. Del Negro is a member of Robinson+Cole’s Health Law Group, where she advises institutional providers, including hospitals and ambulatory surgery centers, as well as physician practice groups, community providers, and other health care entities on health care issues and general corporate…

Pamela H. Del Negro is a member of Robinson+Cole’s Health Law Group, where she advises institutional providers, including hospitals and ambulatory surgery centers, as well as physician practice groups, community providers, and other health care entities on health care issues and general corporate matters. She provides legal counsel on a full range of transactional and regulatory health law issues, including co-management arrangements; compliance plans; the acquisition and merger of medical entities; Medicare and Medicaid fraud and abuse and the Stark law; hospital affiliations; the privacy and security of personal health information; corporate governance; private placements; and contracting. She also works with clients on managed care contracting, the corporate practice of medicine issues, clinical integration and antitrust issues, and the structuring and acquisition of electronic health records technology, including the negotiation and documentation of software agreements. Read her full rc.com bio here.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman is chair of the firm’s Data Privacy + Security Team. She is also an active member of firm’s Health Law Group, education practice, Environmental + Utilities Group, Insurance + Reinsurance Group, and Business Litigation Group. Her practice focuses on data privacy…

Linn Freedman is chair of the firm’s Data Privacy + Security Team. She is also an active member of firm’s Health Law Group, education practice, Environmental + Utilities Group, Insurance + Reinsurance Group, and Business Litigation Group. Her practice focuses on data privacy and security law, responses to data breaches, compliance with federal and state privacy and security laws, breach notification laws, and assisting clients with regulatory investigations.

Ms. Freedman is experienced in providing counsel to health care organizations, Regional Health Information Organizations, and privacy and security issues related to interoperability of electronic health records. She has litigated complex cases, including privacy cases, and class action data breach litigation in state, federal, and appellate courts, government investigations, and serves as general counsel of the Rhode Island Quality Institute. Read her full rc.com bio here.