Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

HIPAA Breach Penalties are Being Assessed for Potential Disclosures of Less than 500 Patients. Have You Taken Steps to Prevent a Breach?

HIPAA Breach Penalties are Increasing.

(January 8, 2013):  A few days ago, the Department of Health and Human Services’ Office for Civil Rights (HHS’ OCR) issued an important announcement — one which is likely to affect ALL health care providers at some point.   OCR has announced that they have entered into a monetary settlement with an Idaho-based hospice company in connection with a HIPAA breach involving less than 500 patients.  As the settlement agreement details, the hospice company has agreed to pay $50,000 to settle these potential violations arising out of the company’s loss of an un-encrypted laptop which contained personal health information (PHI) that was being used outside of the office.

While the hospice company did, in fact, report the loss, OCR noted that prior to the loss, the hospice had NOT conducted any sort of risk analysis or attempted to safeguard the information.  Under HIPAA, all health care providers are required to have safeguards in place to prevent this (and similar) types of HIPAA breaches from taking place.  OCR’s director Leon Rodriguez stated:

“This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information. Encryption is an easy method for making lost information unusable, unreadable and undecipherable.”

All entities are required to report “breaches” of 500 patients or more to the secretary of HHS and then to the press within 60 days.  Smaller breaches are reported to HHS on an annual basis. In this particular case (which occurred in 2010), a total of 441 patients had their information put at risk.  Notably, OCR’s announcement did not indicate that any patient suffered any harm as a result of the laptop’s loss or this alleged HIPAA breach.  Nor is it alleged that any type of identify theft took place.

Healthcare LawyerRobert W. Liles, Esq., serves as Managing Partner at Liles Parker. Robert and the other attorneys at Liles Parker represent health care providers in HIPAA related audits and projects.  Should you have any HIPAA privacy questions, please give us a call for a free consultation.  Robert can be reached at:  1 (800) 476-1906.