OCR Announces $800,000 HIPAA Settlement with Florida Health System

Rivkin Radler LLP
Contact

Rivkin Radler LLP

 

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced another settlement for alleged violations of HIPAA. OCR investigated BayCare Health System, which serves central Florida, after a patient complained to OCR in 2018 that her medical record was accessed by an unauthorized individual.

The patient told OCR that she was contacted by an unknown individual who was in possession of her medical records and showed her photographs of her printed medical record, as well as video recordings of her electronic medical record (EMR) on a computer screen. OCR’s investigation confirmed that the individual was a “malicious insider” who was a former employee of an affiliated physician practice. The physician practice was given access to BayCare’s EMR system for purposes of continuity of care for patients who were treated by both of the covered entities.

OCR concluded that BayCare failed to implement adequate HIPAA policies and procedures, failed to reduce risks and vulnerabilities of its EMR system, and failed to regularly review activity logs as to who was accessing its systems. BayCare settled the case with OCR by agreeing to pay a $800,000 monetary penalty and to implement a corrective action plan which includes updating its HIPAA policies and procedures and retraining its workforce on HIPAA compliance.

As part of the settlement announcement, OCR reminded all covered entities that HIPAA requires administrative, physical and technical safeguards to be put into place in order to protect the privacy and security of electronic medical records. In addition, access to records should be limited to the minimum necessary information that is needed by authorized individuals. Complying with these HIPAA requirements minimizes the risk of being targeted by a malicious actor, such as in the BayCare case.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Rivkin Radler LLP

Written by:

Rivkin Radler LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Rivkin Radler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide