Thursday, May 11, 2017

Memorial Hermann Health System to pay $2.4M Fine for HIPAA violations

Memorial Hermann Health System (MHHS) in Texas will pay a fine of $2.4 million and enter into a 2-year corrective action plan after disclosing a patient’s protected health information without the patient’s authorization.

In September 2015, a patient at an MHHS clinic presented a fraudulent identification card to office staff, who contacted police, and the patient was arrested.

MHHS issued multiple press releases about the incident to fifteen media outlets and included the patient’s name in the title of the release; it also disclosed the patient’s protected information during 3 meetings with an advocacy group, state representatives and a state senator, as well as on its website.

Moreover, the HHS Office for Civil Rights (OCR) found during an investigation that MHHS also failed to document in a timely manner the sanctioning of the workforce members who disclosed the patient’s name.

“Senior management should have known that revealing a sufferer’s name on the title of a press release was a clear privacy violation that would induce a swift OCR response,” OCR Director Roger Severino said in a statement. “This case reminds us that agency can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless sustain to secure patient privacy when making statements to the public and elsewhere.”

Among other requirements, the corrective action plan requires all MHHS facilities to attest to their understanding of permissible uses and disclosures of protected health information, including disclosures to the media.

Memorial Hermann Health System declined to comment.

 
