After learning of the breach the hospital terminated their contract with the billing company. The court upheld the contract termination stating the billing company “violated the essential trust patients place in their healthcare providers and healthcare providers place in the companies with which they contract to aid in the provision of healthcare.”
"The billing company learned from police that the employee “wrongly and without authorization” acquired PHI to obtain patients’ credit cards to make purchases."In this case the the billing company learned of the identity theft from law enforcement. Healthcare organizations can proactively detect PHI breaches with low-cost on-demand SaaS analytics services.
- US DISTRICT COURT FOR THE SOUTHERN DISTRICT OF FLORIDA, Miami Division
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Court finds breach of HIPAA business associate agreement resulting from identity theft - www.lexology.com, 07/17/2013