Legal News

Disclosure of Electronic Protected Health Information Leads to Record HIPAA Fine

New York Presbyterian Hospital and Columbia University recently agreed to pay a combined total of $4.8 million for their failure to secure thousands of patients’ electronic protected health information (“ePHI”) held on a shared network. This fine is the largest ever Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) settlement to date. Although two separate entities, New York Presbyterian and

The OCR investigation began when the entities received a complaint in September 2010 from an individual who found the ePHI of his deceased partner, who had been a patient at New York Presbyterian, on the internet. The exposed ePHI of nearly 7,000 patients included their status, vital signs, medications, and laboratory results. The two institutions submitted a joint breach report on September 27, 2010 detailing the disclosure and notified the affected individuals personally, as well as media outlets. In a joint statement, New York Presbyterian and

In addition to the breach, the OCR determined that New York Presbyterian and

Due to the breach and these deficiencies, New York Presbyterian agreed to pay $3,300,000 in fines and

Acting Deputy Director of Health Information Privacy for OCR, Christina Heide, advised that entities who share joint compliance arrangements also “share the burden of addressing the risks to protected health information.” She further provided that this case should warn healthcare institutions about how crucial their data security is when managing information systems.
Hickory Pointe
2250 Hickory Rd, Suite 300
Plymouth Meeting, PA 19462
Phone: (610) 834-8800
Fax: (610) 834-1749
info@obrlaw.com