A Massachusetts hospital has agreed to pay $1.5 million to the federal government to resolve allegations it violated the Health Insurance Portability and Accountability Act Security Rule by failing to properly protect patients' protected health information maintained on portable devices.
The settlement follows an investigation by the Department of Health and Human Services Office for Civil Rights that was sparked by a data breach report from the hospital, according to a Sept. 17 HHS news release.
In 2010, the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc., collectively referred to as MEEI, in Boston reported to OCR a data breach that occurred because a doctor's laptop computer containing unencrypted patient data was stolen, according to a Sept. 17 statement from the hospital.
The resulting federal investigation indicated that Massachusetts Eye and Ear had “failed to take necessary steps to comply with certain” Security Rule requirements, including ensuring data maintained on portable devices, such as laptop computers, was protected from unauthorized users and that procedures were in place for identifying and reporting data security incidents, according to the HHS release.
“OCR's investigation indicated that these failures continued over an extended period of time, demonstrating a long-term, organizational disregard for the requirements of the Security Rule,” HHS said.
Massachusetts Eye and Ear said the OCR review was “triggered by the hospital's proactive self-reporting” of the data breach incident and that no patients were harmed as a result of the breach.
The hospital said it was “disappointed” by the size of what it characterized as a fine from HHS considering the “lack of patient harm” and the hospital's relatively low annual revenues.
“The rapid advancement of mobile technology has been both a boon and a bane for healthcare providers,” the hospital said in its statement. “In the case of Mass. Eye and Ear, it has tremendous benefit for our doctors and our researchers, enabling them to collaborate and pursue their work while they are on the move. It has also created new challenges for the entire healthcare community in the area of security safeguards.”
In addition to the settlement, Massachusetts Eye and Ear agreed to enter into a corrective action plan that includes a review and revision of its policies for complying with the Security Rule.
Under the resolution agreement, MEEI will pay HHS $500,000 on Oct. 15 and will make subsequent payments of $500,000 on Oct. 15, 2013, and Oct. 15, 2014.
The resolution agreement is available at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/meei-agreement.html.