Mass General coughs up $1M to settle HIPAA violation


About the Author


Lisa Salberg


    Is your data secure?
    Mass General coughs up $1M to settle HIPAA violation
    Written by Editorial Staff
    February 25, 2011

    Massachusetts General Hospital (MGH) in Boston has agreed to pay the U.S. government $1 million to settle potential violations of the HIPAA Privacy Rule, according to the U.S. Department of Health and Human Services (HHS). This is the second financial penalty issued by HHS for a covered entity’s violations of HIPAA, as a $4.3 million fine was announced earlier this week.

    MGH signed a resolution agreement with HHS that requires it to develop and implement a comprehensive set of policies and procedures to safeguard the privacy of its patients. The settlement follows an extensive investigation by the HHS Office for Civil Rights (OCR), which enforces the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule requires health plans, healthcare clearinghouses and most healthcare providers (covered entities) to protect the privacy of patient information through administrative, physical and technical safeguards at all times.

    The incident giving rise to the agreement involved the loss of protected health information (PHI) of 192 patients of MGH’s infectious disease associates outpatient practice, including patients with HIV/AIDS. OCR opened its investigation of MGH after a complaint was filed by a patient whose PHI was lost on March 9, 2009.

    OCR said its investigation indicated that MGH failed to implement reasonable, appropriate safeguards to protect the privacy of PHI when removed from MGH’s premises and impermissibly disclosed PHI, potentially violating provisions of the HIPAA Privacy Rule.

    The impermissible disclosure of PHI involved the loss of documents consisting of a patient schedule containing names and medical record numbers for a group of 192 patients, and billing encounter forms containing the name, date of birth, medical record number, health insurer and policy number, diagnosis and names of providers for 66 of those patients. These documents were lost on March 9, 2009, when an MGH employee, while commuting to work, left the documents on the subway train. The documents were never recovered, HHS reported.

    MGH also agreed to enter into a Corrective Action Plan (CAP), which requires the hospital to:

    * Develop and implement a comprehensive set of policies and procedures that ensure PHI is protected when removed from its premises;
    * Train workforce members on these policies and procedures; and
    * Designate the director of internal audit services of Partners HealthCare System to serve as an internal monitor who will conduct assessments of MGH’s compliance with the CAP and render semi-annual reports to HHS for a three-year period.

    “We hope the healthcare industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement. It is a covered entity’s responsibility to protect its patients’ health information,” said OCR Director Georgina Verdugo.
    Knowledge is power ... Stay informed!
    YOU can make a difference - all you have to do is try!

    Dx age 12 current age 46 and counting!
    lost: 5 family members to HCM (SCD, Stroke, CHF)
    Others diagnosed living with HCM (or gene +) include - daughter, niece, nephew, cousin, sister and many many friends!
    Therapy - ICD (implanted 97, 01, 04 and 11), medication
    Currently not obstructed
    Complications - unnecessary pacemaker and stroke (unrelated to each other)