March 18, 2016 01:00 AM

Feinstein Institute, North Memorial Health Care to pay nearly $5.5M for HIPAA violations

Joseph Conn

    A provider and a healthcare research organization will pay nearly $5.5 million to the Office for Civil Rights at HHS to avoid further legal actions against them for Health Insurance Portability and Accountability Act privacy and security rule violations.

    The harder hit of the two was the Feinstein Institute for Medical Research, a not-for-profit arm of Northwell Health, formerly North Shore Long Island Jewish Health System. Feinstein agreed to pay $3.9 million, one of the largest settlements in the agency's history.

    The OCR began a HIPAA probe of the organization after it reported in 2012 that a laptop computer had been stolen from an employee's car, according to an agency statement.

    The computer carried approximately 13,000 patients' and research participants' records that included names, dates of birth, addresses, Social Security numbers, diagnoses, laboratory results, medications and medical information, according to the OCR statement.

    The feds' subsequent investigation revealed insufficient security measures. Specifically, according to the OCR statement, Feinstein “lacked policies and procedures for authorizing access” to electronic protected health information by its workforce members. The investigation also found that Feinstein “failed to implement safeguards to restrict access to unauthorized users, and lacked policies and procedures to govern the receipt and removal” of the facilities' laptops that contained sensitive information.

    As part of the settlement, Feinstein will prepare a corrective action plan to bring it into compliance with HIPAA.

    North Memorial Health Care of Robbinsdale, Minn., agreed to pay $1,550,000 to settle charges that it potentially violated HIPAA “by failing to enter into a business associate agreement with a major contractor and failing to institute an organizationwide risk analysis to address the risks and vulnerabilities to its patient information,” according to a statement by the OCR.

    A "business associate" is an organization hired or authorized by a HIPAA "covered entity," such as a hospital, physician office, insurance company or claims clearinghouse, to access and use its personally identifiable patient information. Its legal obligations to protect patient data in accordance with HIPAA privacy and security rules are spelled out in business associate agreements.

    The feds' investigation of North Memorial also began with a stolen laptop, reported in 2011. The laptop this time carried the identifiable records of 9,497 individuals. The password-protected but unencrypted computer was taken from the vehicle of an employee of Accretive Health, an HHS spokeswoman said.

    Accretive, an already troubled revenue-cycle management firm based in Chicago, also had access to North Memorial's database and its records on 289,904 patients, but, according to the OCR, North Memorial had no business associates agreement in place with Accretive.

    The OCR investigation also found that North Memorial failed to complete a risk assessment, another HIPAA requirement.

    With North Memorial, OCR Director Jocelyn Samuels said, “Two major cornerstones of the HIPAA rules were overlooked.” Organizations must have compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprisewide IT infrastructure, she said.

    As part of the settlement, North Memorial also was required to develop a corrective action plan, risk assessment and risk management plan, and will train workforce members accordingly.

    Since 2008, there have been 33 HIPAA privacy and security rule investigations by the OCR that have led to monetary payments, either via settlement agreements or legal actions. The largest came in 2014 via a court order to pay nearly $4.8 million against Cignet Health of Prince George's County, Md., accused of refusing to supply several dozen of its patients copies of their records.

    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.