News Article with Protected Health Information Led to an $80,000 HIPAA Settlement
According to a November 2023 press release from the Office for Civil Rights (OCR), Saint Joseph’s Medical Center (“Saint Joseph’s”) of New York state agreed to pay $80,000 and implement a corrective action plan in response to their unauthorized release of Protected Health Information (PHI). The OCR press release states a national publication from the Associated Press regarding Saint Joseph’s response to the COVID-19 pandemic included pictures of the facility and PHI about three patients. Since Saint Joseph’s did not obtain prior written authorization from the patients, or their authorized representatives, to release information about their COVID-19 diagnosis, their current medical status and medical prognosis, vital signs, or treatment plan, Saint Joseph’s was in potential violation of the HIPAA Privacy Rule.
In addition to the $80,000 settlement and corrective action plan, Saint Joseph’s must also develop written policies and procedures to ensure their facility and workforce is compliant with the HIPAA Privacy Rule. They will also be monitored by the OCR for two years to ensure they are compliant with their updated policies and procedures and the HIPAA Privacy Rule.
PAAS Tips:
- Pharmacies must have customized HIPAA policies and procedures which employees can be trained on
- Ensure all staff with access to PHI receive training on the appropriate handling of PHI to prevent accidental disclosures
- Contracted entities with access to the pharmacy’s PHI or electronic PHI also need to have HIPAA training; training details should be addressed in the signed Business Associated Agreement and the entity should provide the pharmacy with proof of training, if requested
- Training should include information about civil, monetary, and criminal penalties for violations of the HIPAA Privacy Rule to reinforce the importance of following the HIPAA Rules
- Members enrolled in the PAAS National® Fraud, Waste & Abuse and HIPAA Compliance Program can review Section 10 of their Policy & Procedure Manual for more information on HIPAA privacy and breaches or call us to speak to a PAAS National® analyst about your HIPAA concerns
- OptumRx® Provider Manual Updates May Shift Audits – Especially LTC - October 11, 2024
- Scare Away the Unwanted: Four Facility Access Controls You Need! - October 3, 2024
- What FWA and HIPAA Compliance Elements are Necessary for Interns, Job Shadows, Floating Staff, Cashiers and Delivery Drivers? - September 15, 2024