NYAPRS Note: New technologies supporting stored and shared medical records are essential to integrated care and quality service delivery. But the risks of obtaining all of this health data must be matched by a commitment by providers and regulators to ensure it is safely protected. As NY and other states undergo massive transitions in integrated service delivery, this issue will continue to come up, specifically for providers that are not accustomed to securing electronic health records.
HIPAA Violation
Crain’s Health Pulse; 5/8/2014
In the largest HIPAA settlement ever, New York-Presbyterian and Columbia University Medical Center paid $4.8 million to settle charges that they potentially violated patient privacy by failing to secure thousands of patients’ electronic protected health information (ePHI) held on their network. The two hospitals had submitted a joint breach report, dated Sept. 27, 2010, regarding the disclosure of the ePHI of 6,800 individuals, including patient status, vital signs, medications and lab results. HHS’ Office for Civil Rights said it investigated a breach caused when a Columbia doctor who developed applications for both hospitals tried to deactivate a personally owned computer server on a network that contained NYP’s patient ePHI. That action triggered the data to become accessible on Internet search engines. NYP paid $3.3 million, and Columbia paid $1.5 million. Both agreed to a substantive corrective action plan.
http://www.crainsnewyork.com/article/20140508/PULSE/140509877/state-delves-deeper-into-dsrip#