Professional Documents
Culture Documents
Hipaa Violation Lawsuit
Hipaa Violation Lawsuit
8/14/18
AH102
Ms. Cabrera
Both Privacy and Security Rules was the final ruling that costed The University of Texas
MD Anderson Cancer Center (MD Anderson) $4,348,000 in civil money. The money was for all
the Health Insurance Portability and Accountability Act of 1996 (HIPAA) violations that they
owed to the Office for Civil Rights (OCR). “This is the second summary judgement victory in
OCR’s history of HIPAA enforcement and the 4.3 Million is fourth largest amount ever awarded
to OCR by an Administrative Law Judge (ALJ) or secured in a settlement for HIPAA violations”
(HHS Press Office, 2018, p. 1). This breach of unencrypted electronic protected health
information (ePHI) in MD Anderson definitely did not uphold to the hospitals well known
This Texas Medical Center in Houston was home of a comprehensive cancer treatment
Anderson following three separate data breach reports in 2012 and 2013 involving the theft of an
unencrypted laptop from the residence of an MD Anderson employee and the loss of two
unencrypted universal serial bus (USB) thumb drive containing the unencrypted ePHI of over
33,500 individuals” (HHS Press Office, 2018, p. 1). In 2011, MD Anderson supposedly adopted
this solution to implement encryption of ePHI. Then later failed to encrypt some electronic
devices containing ePHI on March 24, 2011 and January 25, 2013.
Since I’m currently working as an MRI Aide, so I know majority of what the HIPAA
laws are. I still find myself struggling to fully obey by them, like trying not to speak too loudly
when I’m asking the patient’s medical history in the dressing rooms or in the hallways because I
tend to have a boisterous voice. But my violations are incidental and I’m working on correcting
them, when MD Anderson transferred the unencrypted ePHI it was an act of negligence that
violated the Privacy and Security Rule of those 33,500 patients. ALJ surely made the right
https://www.hhs.gov/hipaa/for-professionals/compliance-
enforcement/agreements/mdanderson/index.html