Softpedia
 


March 2nd, 2011, 09:58 GMT

HHS to Receive $1 Million from Mass General for HIPAA Violations



Massachusetts General Hospital agrees to pay HHS $1 million
Days after the US Department of Health and Human Services (HHS) imposed a $4.3 million civil penalty on Maryland health care provider Cignet, Massachusetts General Hospital agreed to a $1 million settlement for potential HIPAA violations.

Mass General, one of the largest hospitals in the country, was accused of breaching the provisions of the Health Insurance Portability and Accountability Act (HIPAA) after losing the health records of 192 patients.

Affected individuals included people suffering from HIV/AIDS who were part of the hospital's Infectious Disease Associates outpatient practice.

The records contained protected health information (PHI) such as patient name, date of birth, diagnosis, schedule, health insurer, policy number and name of providers, and were lost by a Mass General employee on the subway.

The HHS Office for Civil Rights (OCR) concluded that Mass General did not implement reasonable and appropriate safeguards to protect health information, which is a violation of the HIPAA Privacy Rule.

In addition to the $1,000,000 monetary settlement, the hospital also agreed to a Corrective Action Plan (CAP) that involves developing and implementing health information protection policies, training its personnel, performing compliance audits and reporting back to the HHS with its findings twice a year.

"We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement. It is a covered entity’s responsibility to protect its patients’ health information," said OCR Director Georgina Verdugo.

"To avoid enforcement penalties, covered entities must ensure they are always in compliance with the HIPAA Privacy and Security Rules. A robust compliance program includes employee training, vigilant implementation of policies and procedures, regular internal audits, and a prompt action plan to respond to incidents," she added.
