Los Angeles Times Article Results in $275000 HIPAA Privacy Rule Fine

by | Jun 14, 2013

L.A Times has published an article which has revealed that a sequence of events has run which has now lead to in Shasta Regional Medical Center (SRMC) agreeing to a settlement of $275,000 for its breaches of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

The Privacy Rule forbids all covered bodies – and their staff and business associates – from releasing health information of patients to unauthorized persons. Whenever there is a possibility that regulations are not being followed the HHS Office for Civil Rights (OCR) carries out an investigation and compliance review.

The U.S. Department of Health and Human Services (HHS) was advised of potential Privacy Rule violations after two senior SRMC leaders met with the media and provided information about medical procedures performed on a specific patient. This unauthorized disclosure of the patient’s protected health data to the media was a direct breach of the Privacy Rule.

Patient consent must be received in writing before any PHI can be disclosed to a third party and this was not the case at SRMC. The OCR found that information had been intentionally provided to the media three separate times. The media disclosure exposed PHI to the largest audience, although the OCR also discovered data about the patient’s condition, diagnosis and treatment had been emailed to the entire workforce. Furthermore, employees were not cleared for disclosing this information as was stated in its internal sanctions policy.

Shasta Regional Medical Center has agreed to pay a settlement of $275,000 to the HHS for the HIPAA breaches and must put in place a corrective action strategy. The plan ensures that SRMC implements the proper controls to safeguard PHI, such as updating policies and procedures to ensure that PHI is always secure and training the staff on its obligations under the HIPAA Privacy Rule.

SRMC is only one of a number of hospitals under the same central control and all 15 of the other healthcare facilities must also confirm that the necessary training has been provided and they are aware of all HIPAA Privacy and Security Rules.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule was brought in to protect the personal health information of patients, while making it easier for people to obtain copies of their medical history. HHS Office for Civil Rights director, Leon Rodriguez, has sent a clear message to all HIPAA-covered bodies advising them that the Privacy Rule will be enforced and prompt sanctions applied against healthcare organizations that do not adhere to the rules. “When senior level executives intentionally and repeatedly violate HIPAA by disclosing identifiable patient information, OCR will respond quickly and decisively to stop such behavior.”

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy