OCR announces HIPAA breach notification rule settlement

Jan 13, 2017 - 03:23 PM

The Department of Health and Human Services’ Office for Civil Rights this week announced the first Health Insurance Portability and Accountability Act settlement based on the untimely reporting of a breach of unsecured protected health information. Chicago-based Presence Health agreed to settle potential violations by paying $475,000 and carrying out a corrective action plan. “Because patient privacy is a top priority at Presence Health, we are working diligently with the OCR on all steps required under the corrective action plan; including additional associate training in HIPAA policies and procedures,” a spokesperson for the health system said. “This is the culmination of a several year process working with the OCR to resolve a matter we voluntarily reported to the OCR in 2014 related to an isolated incident involving paper records at a surgery center located in Joliet, IL. This incident did not involve any electronic records and did not involve any disclosure of patient contact or financial information. We are confident that reports on our progress to quickly implement revised policies and procedures will be positive.” According to OCR, covered entities must have a clear policy and procedures in place to respond to the breach notification rule’s timeliness requirements. For more on the breach notification rule, see the OCR guidance

Related News Articles

Headline
OCR finalizes rule prohibiting certain reproductive health care disclosures
The Department of Health & Human Services’ Office for Civil Rights April 22 released a final rule prohibiting entities regulated by the HIPAA Privacy Rule…
Headline
Cassidy proposes ways to strengthen health data privacy
Senate Health, Education, Labor & Pensions Committee Ranking Member Bill Cassidy, R-La., Feb. 21 released a report proposing ways to modernize the existing…
Headline
NIST updates HIPAA cybersecurity resource guide 
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…
Headline
OCR releases telehealth privacy and security resources for providers, patients
The Department of Health and Human Services’ Office for Civil Rights Oct. 18 released a resource for health care providers who choose to educate patients about…
Headline
HHS updates tool to help providers assess HIPAA security risks
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…
Headline
COVID-19 HIPAA transition period for telehealth expires
Health care providers must comply with the HIPAA rules with respect to telehealth effective Aug. 9 at 11:59 p.m., when the 90-day enforcement discretion period…