A HIPAA Life Sentence … and SO Many Lessons

In 2012 Accretive Health Care was banned from doing business in Minnesota for 2 – 6 years for a HIPAA violation. In 2018 New York State suspended a nurse’s license for a year for a HIPAA violation. But, a life sentence? The New Jersey Attorney General announced a $ 200,000 HIPAA and consumer fraud penalty against an out-of-business Georgia medical transcription company. In 2016 ATA Consulting LLC d/b/a Best Medical Transcription breached the medical records of over 1,650 people treated by three New Jersey healthcare providers by publicly exposing their medical records to the Internet. And, their customer, Virtua Health, paid a $ 418,000 settlement for violations of both HIPAA and the New Jersey Consumer Fraud Act. Tushar Mathur, owner of Best Medical Transcription, agreed to a permanent ban on managing or owning a business in New Jersey. Wow. A life sentence for a HIPAA violation. And the medical clinic paying a $ 418,000 penalty for the actions of its vendor. By a state, not the federal government. What can you learn from this? 1. It’s shocking to see how many servers have been misconfigured, or protected data being stored on web servers, exposing patient records to the Internet. These HIPAA penalties were all for exposing patient records through the Internet: The Arc of Erie County – $ 200,000 NY State Attorney General penalty Skagit County Washington – $ 215,000 federal penalty Joseph’s Health – $ 2.14 million federal penalty Cottage Health – ...
Source: EMR and HIPAA - Category: Information Technology Authors: Tags: Health Care Healthcare Healthcare IT Security HIPAA HIPAA Breaches HIPAA General HIPAA Lawsuits HIPAA News HIPAA Training Best Medical Transcription HIPAA Fines OCR State Attorney General Virtua Health Source Type: blogs