Archive for HIPAA Violations
The number of patients affected by a February break-in at Sutherland Healthcare Solutions in Torrance, Calif., has nearly doubled as the investigation progresses, the Los Angeles Times reported. Sutherland handles billing and collections for the county’s Department of Health Services and Department of Public Health.
On March 19, HIPAA Update reported that the PHI of 168,500 Los Angeles County medical facility patients was compromised when a thief stole eight computers from Sutherland. The total number of affected patients was upped to 338,700.
Three class action lawsuits have been filed against Los Angeles County as a result of the breach. The county is reviewing Sutherland’s security practices, the Los Angeles Times reported.
Stanford Hospital & Clinics in California and two of its vendors could pay more than $4.1 million to settle a class action lawsuit that stems from HIPAA violations, San Jose Mercury News reported.
A Los Angeles County Superior Court judge tentatively approved the settlement March 19, 2014. Shana Springer filed suit against the hospital and its vendors, Multi-Specialty Collection Services LLC and Corcino & Associates LLC in September 2011.
In an October 2011 post, HIPAA Update reported that the hospital released a notice stating that its vendor posted an electronic file that included certain patient information on a student homework website. The file included PHI of more than 20,000 patients treated at the hospital’s emergency room from March 1, 2009, through August 31, 2009.
OCR announced in the February 24 Federal Register its plan to survey up to 1,200 covered entities and business associates to determine suitability for its HIPAA audit program.
The survey is intended to provide OCR information that will determine whether a respondent is suitable for an audit. Data collected through the survey will include the number of patient visits or insured lives, use of electronic information, revenue, and business locations.
HHS is seeking comments on aspects of the Information Collection Request and the burden estimate, which is 600 total burden hours. Submit comments by email at Information.CollectionClearance@hhs.gov or by telephone at 202-690-6162.
The PHI of 168,500 Los Angeles County medical facility patients was stolen during a break-in at Sutherland Healthcare Solutions in Torrance, Calif., the Los Angeles Times has reported.
Sutherland handles billing and collections for the county’s Department of Health Services and Department of Public Health. Computers containing patients’ PHI were stolen from the Sutherland office February 5. PHI stored on the computers includes patient names, Social Security numbers, medical and billing information, and potentially birthdates, addresses, and diagnoses, the newspaper reported.
The county is reviewing its contract with Sutherland to determine whether it enforces breach prevention procedures.
Skagit County in Washington state has agreed to a $215,000 fine and corrective action plan (CAP) to settle HIPAA violations with HHS. This is HHS’ first settlement with a county government, according to a press release.
An OCR investigation revealed that Skagit County exposed the ePHI of 1,581 individuals when files were moved to a publicly-accessible server maintained by the county. The county also failed to comply with the HIPAA Privacy, Security, and Breach Notification Rules, according to HHS.
The CAP requires Skagit County to provide regular status reports to OCR. It also must establish written policies and procedures, documentation requirements, training, and other measures to comply with HIPAA.