Two large NY hospitals get hit with $4.8 million worth of HIPAA fines from the federal government.
New York and Presbyterian Hospital (“NYP”) and Columbia University (“CU”) were assessed the largest HIPAA fine in history after they submitted a joint breach report that dates back to September 27, 2010.
NYP paid OCR $3,300,000 and CU had to pay $1,500,000.
Both agreed to complete corrective action plans that include risk analyses, developing risk management plans, revising policies and procedures, staff training, and providing OCR with progress reports.
NYP and CU had violated both the HIPAA Privacy and Security Rules by exposing 6,800 patients’ electronic health information held on their network, including patient status, vital signs, medications, and laboratory results.
The breach occurred as a result of an application developer for the affiliated organizations trying to deactivate a personally-owned computer server on the network that held NYP patient health information back in 2010. Once the server was deactivated, ePHI became accessible on internet search engines and the organizations learned of the breach when a deceased patient’s partner found the former patient’s health information on the internet.
The fines HHS assessed are the largest ever, and HHS is continuing to actively pursue actions against entities that violate the HIPAA privacy, security and administrative rules.
Healthcare providers need to be proactive: when they deactivate a server containing health information, it must be done with proper security and with proper protocols to prevent a data breach.
Today, healthcare providers must maintain patient PHI. Data breaches of this magnitude can result in criminal prosecution, as well as civil liability and disastrous penalties.
Don’t let it happen to you.