Data Breach Results in $4.8 Million in HIPAA Settlements

Two health care organizations have agreed to settle charges that they potentially violated the HIPAA Privacy and Security Rules by not securing thousands of patients’ electronic protected health information (ePHI) held on their network. The combined monetary settlement totals $4.8 million and is the largest HIPAA settlement to date. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigated New York and Presbyterian Hospital (NYP) and Columbia University (CU) after they submitted a joint breach report on September 27, 2010, regarding the disclosure of the ePHI of nearly 7,000 individuals. NYP and CU are separate covered entities, but operate a shared data network and a shared network firewall that is administered by employees of both entities. Read more.


OCR’s investigation also found that neither NYP nor CU made efforts prior to the breach to assure that the server was secure and that it contained appropriate software protections and determined that neither entity had conducted an accurate risk analysis. Neither entity had developed an adequate risk management plan that addressed the potential threats and hazards to the security of ePHI. NYP failed to implement appropriate policies and procedures for authorizing access to its databases and failed to comply with its own policies on information access management. NYP has paid OCR a monetary settlement of $3.3 million and CU has paid $1.5 million, with both entities agreeing to a substantive corrective action plan.


About MSNJ

Founded in 1766, the Medical Society of New Jersey is the oldest professional society in the United States. The organization and its dues-paying members are dedicated to a healthy New Jersey, working to ensure the sanctity of the physician–patient relationship. In representing all medical disciplines, MSNJ advocates for the rights of patients and physicians alike, for the delivery of the highest quality medical care. This allows response to the patients’ individual, varied needs, in an ethical and compassionate environment, in order to create a healthy Garden State and healthy citizens.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: