
Jessica Luplow

8/14/18

AH102

Ms. Cabrera

HIPAA Violation Lawsuit

Violations of both the Privacy and Security Rules led to the final ruling that cost The University of Texas MD Anderson Cancer Center (MD Anderson) $4,348,000 in civil money penalties. The money was owed to the Office for Civil Rights (OCR) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). “This is the second summary judgement victory in OCR’s history of HIPAA enforcement and the 4.3 Million is fourth largest amount ever awarded to OCR by an Administrative Law Judge (ALJ) or secured in a settlement for HIPAA violations” (HHS Press Office, 2018, p. 1). This breach of unencrypted electronic protected health information (ePHI) at MD Anderson definitely did not uphold the hospital’s well-known Encryption Policy for traveling with patients’ data.

This Texas Medical Center in Houston was home to a comprehensive cancer treatment and research center and a degree-granting academic institution. “OCR investigated MD Anderson following three separate data breach reports in 2012 and 2013 involving the theft of an unencrypted laptop from the residence of an MD Anderson employee and the loss of two unencrypted universal serial bus (USB) thumb drive containing the unencrypted ePHI of over 33,500 individuals” (HHS Press Office, 2018, p. 1). In 2011, MD Anderson supposedly adopted a solution to implement encryption of ePHI, but then failed to encrypt some electronic devices containing ePHI on March 24, 2011 and January 25, 2013.

Since I’m currently working as an MRI Aide, I know the majority of what the HIPAA laws are. I still find myself struggling to fully obey them, like trying not to speak too loudly when I’m asking for the patient’s medical history in the dressing rooms or in the hallways, because I tend to have a boisterous voice. But my violations are incidental and I’m working on correcting them; when MD Anderson transferred the unencrypted ePHI, it was an act of negligence that violated the Privacy and Security Rules for those 33,500 patients. The ALJ surely made the right decision, and the punishment fits the crime.

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/mdanderson/index.html
