Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Custom Media Event: ESG Summit
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Transformation Summit
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain Revenue Cycle
    • - Hospital at Home
    • - Workplace of the Future
    • - Virtual Health
    • - Future of Healthcare Staffing
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Government
July 13, 2015 01:00 AM

St. Elizabeth's Medical Center will pay settlement in HIPAA breach

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    St. Elizabeth's Medical Center in Brighton, Mass., has agreed to pay a $218,400 settlement to federal authorities for what the government is calling “potential violations” of data privacy and security breach notifications rules under HIPAA, including in a relatively rare enforcement area, Internet-based file-sharing services.

    The Office for Civil Rights at HHS, which has federal HIPAA privacy and security rule enforcement authority, first received a complaint in November 2012 that members of St. Elizabeth's workforce used an Internet-based document-sharing application “to store documents containing electronic protected health information (ePHI) of at least 498 individuals without having analyzed the risks associated with such a practice.”

    In a separate incident, in August 2014, the hospital reported to HHS that a former workforce member had stored patient-identifiable health records of 595 individuals on a stolen personal laptop and USB flash drive.

    According to a recent report on employee Internet usage by the Campbell, Calif.-based security firm Skyhigh Networks, employees at an average healthcare organization use a total of 928 cloud services, many without the knowledge of their IT departments. File-sharing services were among the top five uses of cloud services by healthcare workers in the report.

    “Organizations must pay particular attention to HIPAA's requirements when using Internet-based document-sharing applications,” said Office for Civil Rights Director Jocelyn Samuels. “In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner.”

    In addition to the payment, the settlement includes a corrective action plan “to cure gaps in the organization's HIPAA compliance program raised by both the complaint and the breach.” St. Elizabeth has also reported to the civil rights office a breach of 6,831 lost patients' identifiable records on paper or film, according to the “wall of shame” list kept by the office for breaches involving 500 or more individuals.

    This wasn't the first Office for Civil Rights enforcement action involving settlement amounts against a provider involving Web-based services, according to Adam Greene, a privacy lawyer with Davis Wright Tremaine in Washington, D.C. But providers need to be aware of the enforcement risks both cases demonstrate, he said.

    In April, 2012, a five-physician medical practice, Phoenix Cardiac Surgery, agreed to a $100,000 settlement for failing to have HIPAA-required business associate agreements with providers of their Internet-based calendar and e-mail service.

    “Between these two cases,” Greene said, “what it stands for is OCR's expectation you're going to have to have a business associate agreement with any cloud-based (service) providers. And you need a risk analysis.”

    Greene said the St. Elizabeth settlement was “particularly noteworthy” because the complaints apparently came from the hospital's own employees.

    “So, there appears to be a whistle-blower,” Greene said. “It shows the importance of having a process for hearing concerns from your employees about addressing HIPAA, or they might go to the government instead.”

    Since September 2009, when the civil rights office started keeping a public list of breaches involving 500 or more individuals, 1,265 breaches have been reported exposing the records of nearly 135 million people, equal to the populations of California, Florida, Illinois, New Jersey, New York, Pennsylvania and Texas combined.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    medicare and money
    Inspector General pushes CMS to recover $226M in Medicare overpayments
    Ezike 800.jpg
    Former Illinois health chief Ezike under scrutiny by state's top ethics investigator
    Sponsored Content
    Modern Healthcare Alert: Sign up for this breaking news email to be kept in the loop as urgent healthcare business news unfolds.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Transformation Summit
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain Revenue Cycle
        • - Hospital at Home
        • - Workplace of the Future
        • - Virtual Health
        • - Future of Healthcare Staffing
      • Custom Media Event: ESG Summit
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing