All Posts in Category: Case Study

ALJ Upholds HIPAA Violations: $239,800 In Civil Monetary Penalties

Home health care provider Lincare, Inc. must pay $239,800 in civil monetary penalties for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule, according to a February 3, 2016 press release from the U.S. Department of Health and Human Services (“HHS”). The announcement follows a January 13, 2016 administrative ruling granting summary judgment in favor of the HHS’s Office for Civil Rights (“OCR”). This is only the second time that OCR has sought civil monetary penalties for a HIPAA violation; OCR typically resolves violations through undertakings for voluntary compliance.

Lincare, a nationwide provider of respiratory care, infusion therapy, and medical equipment to in-home patients, came under investigation in 2008 after OCR received a complaint from the estranged husband of an Arkansas-based Lincare employee. Based on a subsequent investigation by OCR, OCR alleged that the employee routinely left documents containing 278 patients’ protected health information (“PHI”) in unsecure locations, such as the couple’s shared car and home. It was undisputed that the employee’s husband was not authorized to view the PHI. Moreover, according to OCR, the employee abandoned the documents altogether after moving residences.

In January 2014, after concluding the lengthy investigation, OCR cited Lincare for three violations of HIPAA’s Privacy Rule, which sets standards for the use and disclosure of protected health information. OCR issued corresponding civil monetary penalties for each alleged violation: (1) $25,000 for impermissible disclosure of PHI; (2) $25,000 for failure to safeguard PHI; and (3) $189,800 for insufficient policies and procedures related to the removal of PHI from business premises. In calculating penalties, OCR took into account that Lincare neglected to review and revise its HIPAA policies after learning about the complaint.

On appeal, Administrative Law Judge (“ALJ”) Carolyn Cozad Hughes granted summary judgment in favor of OCR after concluding that, based on the “undisputed evidence,” Lincare violated HIPAA’s Privacy Rule. Specifically, the ALJ found that Lincare failed to safeguard the PHI of patients; a Lincare employee disclosed patient PHI to an unauthorized individual; and Lincare lacked policies and procedures designed to ensure compliance with the Privacy Rule. Lincare waived any challenge to the penalty amount, and the ALJ sustained OCR’s proposed civil monetary penalties of $239,800. Lincare has 30 days to file a notice of appeal with the Appellate Division of the HHS Departmental Appeals Board.

Original content by JDSupra Business Advisor

911 Dispatcher Fired For Sharing Caller’s PHI on Facebook

A Catoosa County 911 dispatcher was fired Friday morning for sharing on Facebook the private information of at least one person who called 911.

Holly Dowis was terminated Friday following an internal investigation into her conduct while on the job.

A Channel 3 investigation found Dowis sent a screenshot to Facebook friends in a private chat of one man’s call to 911 requesting emergency assistance.

Sixty-year-old Ringgold resident Ron Darnell called Catoosa County dispatch on December 23rd when he had a blood clot which resulted in an “embarrassing” medical problem.

“I had a blood clot break loose and come out of my body,” he said. “I called to get emergency help and I almost died that day.”

The 911 dispatch screen detailing his call included his name, phone number, address and exact medical complaint. Dowis then took a photo of all that personal information and posted it to a Facebook group chat with some friends.

“A call I just took,” Dowis wrote.

Darnell fears he’s not the only victim. “If they put out mine, how many others have they put out of other people that don’t know it and just making fun of people?”

Dowis has worked with the county since 2007 and was named communications officer of the year in 2013.

“911 is an organization that we must rely on to keep information confidential and to communicate that information to law enforcement officials only and she has violated the public trust,” said Chattanooga Attorney Stuart James.

County Manager Jim Walker said Dowis was fired for misconduct and violating federal and county rules. The county learned of the allegations Tuesday, placed Dowis on administrative leave Wednesday, concluded its investigation Thursday and officially terminated her Friday morning at 11 a.m.

Walker said Dowis had committed similar offenses in the past, though not to this severity, and had been issued warnings.

Darnell told Channel 3 that her losing her job is not enough. He wants to see criminal charges filed against Dowis, which Chattanooga attorney Stuart James said is not far-fetched.

“There’s this thing called HIPAA that guarantees our medical records remain private and that they are private from other people seeing those records,” Stuart James said. “What I see here is not only did she discuss the medical condition the man was suffering from but also named his name, put his address on the Internet and it was a huge privacy concern for him, a huge HIPAA violation, and a huge problem for the 911 center down in Georgia.”

James said criminal charges would be up to a district attorney. But he said in terms of a civil lawsuit, there are issues of a man’s right to privacy, HIPAA violations, and possible libel and slander.

Channel 3 reached out to Dowis and left her a voicemail asking for her side of the story. She has not returned that call as of early Friday afternoon.

Original content by WRCBtv

Feds Won’t Punish URMC for Last Year’s HIPAA Violation

The University of Rochester Medical Center will not face any action by the federal government after a breach of patient privacy last year involving a nurse practitioner who was leaving for a new job.

URMC was fined $15,000 by the office of New York state Attorney General Eric Schneiderman and required to take other action to ensure compliance with the Health Insurance Portability and Accountability Act after the practitioner shared protected patient information with her new employer, Greater Rochester Neurology.

URMC had to report the breach to the federal Department of Health and Human Services, whose Office for Civil Rights investigates HIPAA breaches. Violations fall into four categories with corresponding penalties. The maximum fine is $1.5 million.

HHS neither confirms nor denies investigations, but URMC officials acknowledged in December that the agency was looking into the violation.

Asked to provide an update, associate vice president for communications Christopher DiFrancesco wrote in an email, “HHS is aware of the resolution reached with the New York State Attorney General, and they informed us last month that they do not plan to take any further action regarding this matter.”

The attorney general’s office declined comment on whether it was investigating Greater Rochester Neurology. A call to the practice about any action taken against it was not immediately returned.

Last May, URMC officials announced a breach involving a nurse practitioner in the department of neurology.

An investigation by the attorney general found that on March 27, the nurse practitioner asked URMC for a list of patients she had treated and received a spreadsheet of patient names, addresses and diagnoses.

The nurse practitioner, whom URMC eventually confirmed as Martha Smith-Lightfoot, shared the information with her new employer, Greater Rochester Neurology.

URMC said it learned of the breach on April 24 from patients who said they received letters from Greater Rochester Neurology.

URMC said Smith-Lightfoot requested the list to help ensure the continuity of care for patients she was leaving. URMC received assurance from Greater Rochester Neurology that the information had been returned or deleted.

In addition to paying the fine, URMC had to train staff on HIPAA policies, including how patient information is handled when employees leave or join the system, and for three years has to report breaches to the attorney general.

Original content by Democrat & Chronicle

Missing Box of Records Among Montana VA Privacy Violations

FORT HARRISON – A recent report shows a pattern of patient privacy violations at the Veterans Affairs medical system. And the VA Montana at Fort Harrison has not been immune — with dozens of violations since 2011, including the apparent disappearance of a box containing the records of 171 patients.

Online news organization ProPublica obtained the data from the U.S. Department of Veterans Affairs and the U.S. Department of Health and Human Services Office of Civil Rights, which track violations of the nation’s main privacy law — the Health Insurance Portability and Accountability Act, or HIPAA.

The report shows 59 HIPAA violations in Montana reported in 2011 or thereafter — 44 of them involving VA Montana (including two violations at the VA’s Denver office that involved Montana patients).

Nearly all of the HIPAA violations involved mistakenly sending information, bills or lab results to the wrong veteran.

But one violation stands out: Back in 2010, the VA in Sheridan, Wyoming sent a box with the records of 171 veterans to the wrong location — a VA warehouse at Fort Harrison, where a VA worker signed for it, according to a letter uncovered by ProPublica.

“Following receipt at the VA’s warehouse, the box was lost and never found,” the regional director of the USHHS Office of Civil Rights recounted in a letter to the VA in November 2011. The letter says it’s possible warehouse personnel forwarded the papers to the correct recipient, the Network Authorization Office. But the NAO was unable to confirm it ever got them. The VA revised its mail procedures as a result of the breach, the letter says, and instituted a new software system to allow the NAO access to scanned records to perform its audits.

In another case, an unauthorized VA staffer found a patient’s cell phone number in medical records. In all cases, the VA provided credit monitoring services for those affected.

In an email, a VA Montana spokesman noted that the most common violation — information mailed to the wrong veteran — occurred in just 18 of the more than 500,000 mailings VA Montana sent in Fiscal Year 2015. “Despite the incredibly low incidence of missed mailings, VA Montana has worked diligently to reduce them entirely by implementing strict staff procedures that emphasize quality and accountability,” the spokesman, Mike Garcia, wrote.

The VA requires annual privacy and information security training for all its employees and contractors, he said, and they are required to report all violations. In addition to the 44 violations connected to the VA, the ProPublica data shows 15 violations at health care providers and others in Montana.

Available details on most of those violations are sparse, but the incidents include the 2014 hack of data at the Montana Department of Public Health and Human Services, in which hundreds of thousands of pieces of sensitive information may have been vulnerable.

Original Content by KBZK

University of Washington HIPAA Violations: Settlement Over Potential Violations

Dec. 14 — University of Washington Medicine reached a $750,000 settlement with the federal government to resolve allegations it violated the Health Insurance Portability and Accountability Act Security Rule, the government said Dec. 14.

The Department of Health and Human Services Office for Civil Rights began investigating UWM after receiving a November 2013 report of a breach that affected the electronic protected health information (PHI) of roughly 90,000 patients.

The 10 Worst Data Breaches 2015

There’s no sugarcoating the fact that 2015 was a dizzying year for data breaches, and disastrous for many organizations and consumers. In the first half of the year alone, Gemalto NV found that 888 disclosed security incidents compromised nearly 246 million records worldwide.
