Wednesday, March 2, 2011

Hospital Agrees to $1 Million Fine for Violation of HIPAA Privacy Rule

Massachusetts General Hospital (MGH) and its physicians organization have agreed to pay the federal government $1,000,000 in fines for violation of the HIPAA privacy rule.

In addition, an outside organization will conduct assessments of MGH and submit semi-annual compliance reports to the U.S. Department of Health and Human Services (HHS) for the next three years.

MGH also agreed to develop and implement a comprehensive set of policies and procedures to safeguard the privacy of its patients. The settlement follows an extensive investigation by the HHS Office for Civil Rights (OCR), which enforces the HIPAA Privacy and Security Rules.

"To avoid enforcement penalties, covered entities must ensure they are always in compliance with the HIPAA Privacy and Security Rules." - Georgina Verdugo, Director of U.S. Department of Health and Human Services Office for Civil Rights

The OCR opened an investigation after a 2009 complaint from a patient whose personal health information (PHI) was compromised. The investigation discovered that 192 patients from Mass General’s Infectious Disease Associates outpatient practice, including patients with HIV/AIDS, had their ePHI compromised.

Sources:
(a) Massachusetts General Hospital settles potential HIPAA violations - HHS Press Office, February 2011
(b) HHS Resolution Agreement and Corrective Action Plan - U.S. Department of Health and Human Services, February 2011
(c) Mass. General to pay $1M to settle privacy claim - Boston Business Journal, February 2011

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.