HHS Announces Record
HIPAA Settlement
New York-Presbyterian
Hospital (NYP) and Columbia University have agreed to pay a combined $4.8
million – the largest HIPAA settlement ever involving a single incident – to
settle charges that they violated the HIPAA Privacy and Security Rules by
accidentally making the electronic protected health information of their
patients accessible to Internet search engines. The Department of Health
and Human Services’ Office for Civil Rights (OCR) launched its investigations
after the entities – which operate a shared data network and firewall –
notified it of the breach. As part of the settlement, NYP will pay $3.3
million, and Columbia will pay $1.5 million. The entities also agreed to
undertake risk analyses, develop risk management plans, revise their existing
policies and procedures, and provide training on privacy and security
awareness.
(c) Steptoe & Johnson LLP
No comments:
Post a Comment