HIPAA Settlement with South Shore Hospital Confirmed by Attorney General’s Office

by Ryan Coyne | May 29, 2012

An official announcement has been released by the Office of the Massachusetts Attorney General that a settlement has now been agreed with South Shore Hospital.

The healthcare supplier will have to pay a fine of $750,000 for violations of the state Consumer Protection Act (Massachusetts General Law Chapter 93A) and also breaching the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The settlement was agreed for the accidental exposure of Protected Health Information and for failing to securely delete ePHI. The violation heppening when three backup tapes storing unencrypted ePHI were accidentally sent to a data archiving company to be deleted and resold; however that company was not made aware of the contents of the tapes. Two of those tapes were then lost and have not been located.

The Attorney General’s investigation showed that a number of mistakes had been made by the hospital. The hospital had did not obtain a signed business agreement and did not find whether its choice of data company complied with HIPAA regulations.

The passing of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 allowed Attorney Generals more power to take action against organizations that breach data privacy and security laws. New powers were given to help the Office for Civil Rights with the policing of HIPAA regulations. However, not all State Attorney Generals’ Offices have been quick to apply these. Only Vermont and Connecticut, and now Massachusetts, have so far taken legal action against healthcare organizations that haveviolated HIPAA regulations.

The latest lawsuit is only the third to be submittedd, even though State Attorney Generals Offices receive a share of the settlements issued. To date, the HHS has supported this extra policing of HIPAA and has even provided computer based training and it also provided support in the lawsuit filed by Connecticut AG.

Healthcare suppliers, health plans and business associates should take notice of these three lawsuits which could now be seen by Attorney General’s Offices nationwide as a way of both increasing funding and showing that data privacy and security is treated with the utmost seriousness in their state.

The chance of AG lawsuits and a higher number of audits by the Office for Civil Rights mean that healthcare organizations must ensure data privacy and security policies are current, that business agreements exist for all associates and a proactive stance is taken to improve data privacy and safety. Lapses and non-compliance issues can prove to be very expensive.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter