New York-Presbyterian Hospital and Columbia University collectively have paid $4.8 million to the HHS Office for Civil Rights to settle charges of violating the HIPAA privacy and security rules.
The hospital paid $3.3 million and the university paid $1.5 million, with both agreeing to implement corrective action plans. The combined total payment is a record, but not the largest single financial penalty issued to a covered entity. That distinction goes to Cignet Health in 2011, which was fined $4.3 million for multiple violations of the privacy rule, refusing to respond to OCRs request for records and failing to cooperate in a breach investigation for more than a year.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access