HIPAAcraticRx - The Prescription for HIPAA Compliance

HOME   |   THE RISKS   |  PATH TO COMPLIANCE  |  ADDITIONAL SERVICES  |  ABOUT  |  CONTACT

20 Hempstead Turnpike, Farmingdale, New York 11735 . (516) 200-6610 . info@hipaacraticrx.com

  • White LinkedIn Icon
  • White Facebook Icon
  • White Twitter Icon
  • White Google+ Icon

© 2019 HIPAAcratic Rx -

Three Hospitals Pay High Penalties for Permitting Filming of News Show

October 9, 2018

 

 

On September 20, the Department of Health and Human Services Office for Civil Rights (OCR) announced separate settlements with Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH) and Massachusetts General Hospital (MGH) with penalties totaling $999,000. In each instance, ABC News filming a medical documentary prompted OCR to conduct “a compliance review.” In all three separate investigations, OCR found deficiencies.

 

While the BMC settlement agreement does not provide any details on the specifically alleged improper conduct, the BWH and MGH agreements note that both hospitals took measures to protect patient information but nonetheless OCR found the efforts to be inadequate. In those agreements, OCR implies that BWH and MGH obtained at least some written authorizations, but disclosed information to the film crews before obtaining those authorizations.

 

In addition to the penalty, each hospital is subject to a corrective action plan requiring each to revise policies and train staff. The corrective action plans refer the hospitals to the following frequently asked question on OCR’s website: “Can health care providers invite or arrange for members of the media, including film crews, to enter treatment areas of their facilities without prior written authorization?” OCR added this FAQ in 2016 after reaching a settlement with New York-Presbyterian Hospital for ABC News’ filming of “NY Med.” In its response to the FAQ, OCR instructs that, for non-public areas of a hospital, a written authorization is required “from each individual who is or will be in the area or whose PHI otherwise will be accessible to the media.”

 

This is a great reminder that providers must be vigilant in protecting patient information, even when patients seem to agree (e.g. ensuring that patients sign authorizations before making any disclosures). OCR has the authority to initiate investigations or “compliance reviews” without patient complaints. And, as is evident here, OCR will pursue enforcement actions based on its findings.

 

Keeping up with HIPAA/HITECH regulations is essential. Failure to comply can be costly, with fines ranging from $100 to $50,000 per instance -- to over $4 million. Criminal penalties range from up to one to ten years in prison. And audits are increasing every year. For more information on HIPAA Compliance, visit the HIPAAcraticRx

 

 

Share on Facebook
Share on Twitter
Please reload

Featured Posts

Ransomware Costs Rise and Cause Downtime

July 16, 2019

1/10
Please reload

Recent Posts
Please reload

Archive