OCR Issues Two HIPAA Enforcement Actions, Totaling Over $2.9 Million

April 25, 2016 Kathryn Drake

OCR recently announced two HIPAA enforcement actions with healthcare organizations: Raleigh Orthopaedic Clinic and New York Presbyterian Hospital. Our VP of Compliance Strategies was interviewed by HealthcareInfoSecurity and offered his insight into the two cases.

The first organization, Raleigh Orthopaedic Clinic, must pay a $750,000 penalty stemming from an incident involving a vendor tasked with converting x-rays to digital images in exchange for harvesting the silver from the x-rays. The clinic failed to execute a Business Associate Agreement prior to releasing the films to the vendor. The enforcement action, announced by Jocelyn Samuels at the recent HCCA Compliance Institute, also requires the organization to update its policies and procedures to be in alignment with HIPAA requirements. In an article on HealthcareInfoSecurity, our David Holtzman discusses the settlement and reiterates the importance of effective vendor management process.

The second organization, New York Presbyterian Hospital, received a penalty of $2.2 million and a corrective action plan related to the filming of the television series “NY Med.” During filming, patients in the ER were filmed during visits to the ER without first obtaining their permission. Additionally, the crew of the series were allowed virtually unrestricted access to the hospital, potentially allowing access of PHI. In another article on HealthcareInfoSecurity, David Holtzman discusses this settlement and how the hospital could have avoided this mistake.

Previous Article
CMS Proposed MIPS/MACRA Would Have Little Impact on Privacy & Security
CMS Proposed MIPS/MACRA Would Have Little Impact on Privacy & Security

The Centers for Medicare & Medicaid Services (CMS) is proposing changes to how the Medicare program provide...

Next Article
How Do I Protect Myself From Ransomware?
How Do I Protect Myself From Ransomware?

In the last few weeks there have been several high-profile publicized ransomware attacks in healthcare, and...


Subscribe to Our Monthly Cyber Bulletins with the Latest News, Tips and More!

First Name
Last Name
Thank You!
Error - something went wrong!