OCR Fines Mass. General for Privacy Violations
Massachusetts General Hospital has signed an agreement with the Department of Health and Human Services’ Office for Civil Rights to pay a $1 million "resolution" fine and implement a corrective action plan following a breach of protected health information.
Massachusetts General Hospital has signed an agreement with the Department of Health and Human Services' Office for Civil Rights to pay a $1 million "resolution" fine and implement a corrective action plan following a breach of protected health information.
OCR's action is the second major finding against a health care organization in recent days for privacy rule violations (see story). A Massachusetts General employee in March 2009 left on a subway train records for 192 patients of an infectious disease outpatient practice. Information in the records included name and medical record number for all affected patients, as well as date of birth, medical insurer and policy number, diagnosis and provider names for 66 of the patients.
As part of the corrective action plan, Massachusetts General will submit semi-annual reports to OCR for three years. "We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement," OCR Director Georgina Verdugo said in a statement.
The resolution agreement and corrective action plan are available here.
--Joseph Goedert
OCR's action is the second major finding against a health care organization in recent days for privacy rule violations (see story). A Massachusetts General employee in March 2009 left on a subway train records for 192 patients of an infectious disease outpatient practice. Information in the records included name and medical record number for all affected patients, as well as date of birth, medical insurer and policy number, diagnosis and provider names for 66 of the patients.
As part of the corrective action plan, Massachusetts General will submit semi-annual reports to OCR for three years. "We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement," OCR Director Georgina Verdugo said in a statement.
The resolution agreement and corrective action plan are available here.
--Joseph Goedert
More for you
Loading data for hdm_tax_topic #reducing-cost...