HCS 451 Discussion 3
1. HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time.
| Entity Fined | Fine | Violation |
|---|---|---|
| CIGNET | $4,300,000 | Online database application error. |
| Alaska Department of Health and Human Services | $1,700,000 | Unencrypted USB hard drive stolen, poor policies and risk analysis. |
| WellPoint | $1,700,000 | Did not have technical safeguards in place to verify the person/entity seeking access to PHI in the database. Failed to conduct a tech eval in response to software upgrade. |
| Blue Cross Blue Shield of Tennessee | $1,500,000 | 57 unencrypted hard drives stolen. |
| Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates | $1,500,000 | Unencrypted laptop stolen, poor risk analysis, policies. |
| Affinity Health Plan | $1,215,780 | Returned photocopiers without erasing the hard drives. |
| South Shore Hospital | $750,000 | Backup tapes went missing on the way to contractor. |
| Idaho State University | $400,000 | Breach of unsecured ePHI. |
| Shasta Regional Medical Center | $275,000 | Inadequate safeguarding of PHI from impermissible uses and disclosures. |
| Phoenix Cardiac Surgery | $100,000 | Internet calendar, poor policies, training. |
| The Hospice of Northern Idaho | $50,000 | Breach of unsecured ePHI. Unencrypted laptop stolen, no risk analysis. |
Brown Morgan. What is the penalty for a HIPAA violation, 2014, retrieved from www.truevault.com
Discuss your thoughts in 150-200 words.
2. Here is a story of a HIPAA violation that happened a few years back. “A Mason man seriously injured in a horrific crash on Interstate 675 received notification Tuesday from Miami Valley Hospital that four employees inappropriately accessed his medical records.
In a certified letter dated Oct. 20, hospital Privacy Officer Cindy Howley wrote that employees had inappropriately viewed Brennan Eden’s emergency room notes, inpatient notes and diagnosis.
“We are taking this incident very seriously,” Howley wrote, noting hospital officials are taking steps to prevent more breaches. The hospital also will notify the U.S. Department of Health and Human Services as required by law.”
I know Cindy Howley. In fact, I worked at the hospital for 15 years and had left just prior to the incident. Unofficially I was told that over a hundred people viewed the records since it was a spectacular car crash and happened to be caught on a police dash cam. Notice how the article said they were required by law to report it. The details of fines were never disclosed. The link to the story and video are below. Please discuss with respect to risk and quality. 150-200 words.
https://www.youtube.com/watch?v=EQ6CPIM1ZCs