Missing USB Pen Drive Costs $2.2 Million HIPAA Fine

The US DHS Office of Civil Rights has announced the second HIPAA fine of the year, with a whopping $2.2 million settlement against a Puerto Rico-based life insurance company known as MAPFRE Life, a subsidiary of MAPFRE S.A., a global multinational insurance company headquartered in Spain. MAPFRE underwrites and administers a variety …

Moldy Linen Blamed In UPMC Lawsuit

Mold deaths that resulted in a temporary shutdown of the UPMC (University of Pittsburgh Medical Center) transplant program may be linked to mold-contaminated linens, according to local news reports (http://triblive.com/local/allegheny/11848341-74/upmc-paris-report). So what could client hospitals do to reduce their risk of such litigation exposure? We asked Mike Rautmann, insurance industry expert and healthcare team …

That Risk Assessment You Haven’t Acted On Can Cost You $3.2 Million

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) civil money penalty against Children’s Medical Center of Dallas (Children’s) based on its impermissible disclosure of unsecured electronic protected health information (ePHI) and non-compliance over many years with multiple standards …

The Next Topic of New ADA Suits Against Hospitals?

A new target may be added to the current wave of ADA lawsuits against hospitals, if a recent AZ suit is an indication — or perhaps more accurately, a storm warning. The serial lawsuit business took a new turn when a lawsuit was filed alleging that various Phoenix area businesses were violating ADA requirements …

Feds Issue Warning of False OCR Audit Emails

Alert: Phishing Email Disguised as Official OCR Audit Communication. November 28, 2016. It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and …

But it was only a small breach … $650,000

It does not take a huge breach of privacy to result in a huge fine — in this case, malware that potentially compromised 1670 patient files of PHI cost UMASS $650,000 in fines. This emphasizes the concept that there is no such thing as a “small breach” of PHI. The OCR announcement of the fine …

EMTALA reaches beyond your formal Emergency Department

Reminder – EMTALA reality: Since the dawn of EMTALA I have been telling people that one of the biggest compliance problems with the law is that nobody reads the definitions. Later when the regulations and site review guidelines (State Operations Manual) came out, the second big set of “definitions” were included in the law through …