New York-Presbyterian Hospital and Columbia University collectively have paid $4.8 million to the HHS Office for Civil Rights to settle charges of violating the HIPAA privacy and security rules.

The hospital paid $3.3 million and the university paid $1.5 million, with both agreeing to implement corrective action plans. The combined total payment is a record, but not the largest single financial penalty issued to a covered entity. That distinction goes to Cignet Health in 2011, which was fined $4.3 million for multiple violations of the privacy rule, refusing to respond to OCR’s request for records and failing to cooperate in a breach investigation for more than a year.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access