$4.8M HIPAA Penalty — Largest Ever!

Two large NY hospitals get hit with $4.8 million worth of HIPAA fines from the federal government.  

New York and Presbyterian Hospital (“NYP”) and Columbia University (“CU”) have received the largest HIPAA fine in history after submitting a joint breach report that dates back to September 27, 2010.

NYP paid OCR $3,300,000 and CU had to pay $1,500,000.  

Both agreed to complete corrective action plans that include conducting risk analyses, developing risk management plans, revising policies and procedures, training staff, and providing OCR with progress reports.

NYP and CU violated both the HIPAA Privacy and Security Rules by exposing 6,800 patients’ electronic health information held on their network, including patient status, vital signs, medications, and laboratory results.

The breach occurred in 2010, when an application developer for the affiliated organizations tried to deactivate a personally owned computer server on the network that held NYP patient health information. Once the server was deactivated, ePHI became accessible on internet search engines, and the organizations learned of the breach when a deceased patient’s partner found the former patient’s health information on the internet.

These fines are the largest HHS has ever assessed, and HHS is continuing to actively pursue actions against entities that violate the HIPAA privacy, security and administrative rules.

Healthcare providers need to be proactive: when deactivating a server containing health information, they must do so with proper security and with proper protocols to prevent a data breach.

Today, healthcare providers must maintain patient PHI.  Data breaches of this magnitude can result in criminal prosecution, as well as civil liability and disastrous penalties. 

Don’t let it happen to you.
