Healthcare Network Settles With OCR for Breach of Notification Requirements
The HIPAA settlement is the first to enforce the notification rule.
The largest healthcare network serving Illinois settled a potential HIPAA violation for $475,000 with the Office for Civil Rights Monday.
The settlement followed Presence Health’s potential violation of the HIPAA Breach Notification Rule, which requires healthcare entities to notify the OCR of potential breaches within 60 days of discovery.
It is the first time the OCR has enforced the notification rule and shows institutions the importance of reporting breaches to the Department of Health.
RELATED: Former N.H. Hospital Patient Releases Private Health Data
“Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule’s timeliness requirements” said OCR Director Jocelyn Samuels. “Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm caused by the breach.”
The potential breach was discovered on Oct. 13, 2013, when pieces of paper containing operating room schedules went missing from the Presence Surgery Center at the Presence St. Joseph Medical Center in Joliet, Illinois.
The papers contained patient names, dates of birth, medical record numbers, dates and types of procedures, surgeon names and types of anesthesia.
Presence notified the OCR of the breach on Jan. 31, 2014.
Per the notification rule, breaches affecting more than 500 people must be reported within 60 days of discovery. The Presence breach affected 836 people.
Read the full Resolution Agreement and Corrective Action Plan here.
Read Next: UCLA Medical Center Investigating Breach of Kanye West’s Medical Records
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!