Home Health & Hospice Week

Industry Notes:

Avoid Mistake That Caused Biggest-Ever HIPAA Settlement

Double-check your system safeguards.

If you search your loved one’s name on the internet, the last thing you want to see is his private medical records show up in the search results — but that’s exactly what happened to one stunned New Yorker, spurring a HIPAA investigation that would result in $4.8 million in settlements.

A physician who developed apps for two Manhattan hospitals meant to deactivate his personal computer server from the hospital network, which included electronic protected health information (ePHI). “Because of a lack of technical safeguards, deactivation of the server resulted in ePHI being accessible on internet search engines,” a Department of Health and Human Services release says. “The entities learned of the breach after receiving a complaint by an individual who found the ePHI of the individual’s deceased partner, a former patient of the hospital, on the internet.”

But that patient wasn’t alone — in fact, 6,800 individuals were impacted by the breach, with their patient status, vital signs, medications and lab results vulnerable to public viewing. The resulting settlement by New York and Presbyterian Hospital and Columbia University of $4.8 million is the largest to date since the HIPAA laws took effect.
