Shasta Regional slapped with $275K HIPAA fine

[InfoSec News <alerts () infosecnews org>]

http://www.clinical-innovation.com/topics/policy/shasta-regional-slapped-275k-hipaa-fine

By Laura Pedulli
Clinical Innovation + Technology
June 18, 2013

Shasta Regional Medical Center (SRMC) agreed to pay $275,000 and undertake a 
corrective action plan after a Department of Health and Human Services (HHS) 
Office for Civil Rights (OCR) investigation uncovered HIPAA violations stemming 
from unauthorized disclosure of a patient’s personal health information.

The HHS notified the center of a compliance review on Jan. 6, 2012--two days 
after a Los Angeles Times article indicated that SRMC senior leaders met with 
the media to discuss the medical services provided to a patient without valid 
written authorization, according to the resolution agreement.

The leaders had met with media to respond to allegations of Medicare fraud in a 
California Watch story, which had cited the SRMC’s high billing rate for 
kwashiorkor, which is a form of malnutrition. In that story, the patient had 
denied receiving treatment for kwashiorkor, and the leaders sought to explain 
the billing by disclosing the patient’s health record, according to a Jan. 18, 
2013 California Watch article on the investigation.

On three separate occasions, SRMC disclosed the patient's information, 
according to the agreement. In two cases, the leaders shared with media the 
patients’ medical treatment and lab results without written authorization from 
the patient. SRMC also sent an email to its entire workforce of approximately 
785 to 900 individuals, explaining the patient’s medical condition, diagnosis 
and treatment.

[...]

_______________________________________________
ISN mailing list
ISN () lists infosecnews org
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org