$4.8M HIPAA Penalty — Largest Ever!

Two large NY hospitals get hit with $4.8 million worth of HIPAA fines from the federal government.  

New York and Presbyterian Hospital (“NYP”) and Columbia University (“CU”) have been hit with the largest HIPAA fine in history after they submitted a joint breach report that dates back to September 27, 2010.

NYP paid OCR $3,300,000 and CU had to pay $1,500,000.  

Both agreed to complete corrective action plans that include risk analyses, developing risk management plans, revising policies and procedures, staff training, and providing OCR with progress reports.

NYP and CU had violated both the HIPAA Privacy and Security Rules by exposing 6,800 patients’ electronic health information held on their network, including patient status, vital signs, medications, and laboratory results.

The breach occurred in 2010, when an application developer for the affiliated organizations tried to deactivate a personally owned computer server on the network that held NYP patient health information.  Once the server was deactivated, ePHI became accessible on internet search engines, and the organizations learned of the breach when a deceased patient’s partner found the former patient’s health information on the internet.

The fines HHS assessed here are the largest ever, and HHS is continuing to actively pursue actions against entities that violate the HIPAA privacy, security and administrative rules.

Healthcare providers need to be proactive: when deactivating a server containing health information, they must do so with proper security and with proper protocols to prevent a data breach.

Today, healthcare providers must maintain patient PHI.  Data breaches of this magnitude can result in criminal prosecution, as well as civil liability and disastrous penalties. 

Don’t let it happen to you.

