Ouch! $2.4 Million Settlement

Yesterday the Office for Civil Rights (OCR) reported a $2.4 million settlement with the Memorial Hermann Health System (MHHS) in Houston, Texas. MHHS also agreed to a comprehensive corrective action plan to improve its HIPAA compliance. MHHS is the largest not for profit health system in southeast Texas operating sixteen hospitals and numerous specialty services.

Although MHHS was called out for a HIPAA violation, it has also received many national and regional awards and recognition over the years for quality care. By all accounts MHHS is a valuable resource in healthcare and an important member of the greater Houston community.

What is remarkable about this settlement is that it was triggered by the disclosure of protected health information (PHI) of one patient – not the more common multiple patient disclosures, many of which have resulted in smaller fines. The patient was the subject of a law enforcement inquiry, and MHHS had lawfully disclosed PHI to law enforcement authorities, but then MHHS unlawfully disclosed the patient’s name in a press release about the matter.

“Senior management should have known that disclosing a patient’s name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response,” said OCR Director Roger Severino.

In addition to a $2.4 million settlement, a corrective action plan requires MHHS to update its policies and procedures on safeguarding PHI from impermissible uses and disclosures and to train its workforce members. The corrective action plan also requires all MHHS facilities to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media.

This is clear evidence that HIPAA enforcement continues in 2017, and those who are not paying attention need to start. OCR is agnostic when it comes to reputation or quality of the institutions it regulates. The best health care providers in the country will be audited and fined if their policies don’t measure up. Check out The HIPAA E-Tool® to see what a comprehensive solution can do to protect patient privacy and reduce your risk of inviting OCR scrutiny.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103
Terms of Service | Privacy Policy

Powered by JEMSU

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free