Two health care organizations are paying $4.8 million to settle charges that they violated the Health Insurance Portability and Accountability Act (HIPAA) – the largest HIPAA settlement to date. Avoid becoming a HIPAA statistic and make sure your practice is compliant with privacy and security rules.
The payment will settle problems that began in 2010, when the health records of 6,800 patients of New York and Presbyterian Hospital and Columbia University, two separate entities that operate a shared data network, ended up online. The data, which included patients’ vital signs, medications and lab results, were fully searchable, according to a U.S. Department of Health & Human Services (HHS) press release.
According to HHS resolution agreements, one of the first issues HHS uncovered in its investigations at both organizations was that neither conducted a risk analysis, the main way a health care organization can prevent breaches of electronic protected health information.
Additional HIPAA resources and training are available from the AMA Store.