The growing financial penalties highlight the risks to providers of managed IT services who handle sensitive data for health care clients.

Aldrin Brown, Editor-in-Chief

August 18, 2016

HIPAA Breach Case Results in Record $5.5 Million Penalty

The costs of mishandling electronic protected health information (ePHI) continue to skyrocket.

Advocate Health Care Network has agreed to pay a record $5.5 million to settle claims that it violated the security rule of the Health Insurance Portability and Accountability Act (HIPAA), resulting in data breaches that compromised the records of roughly 4 million people.

The Aug. 4 settlement – the largest in the history of HIPAA enforcement actions – stemmed from three separate data breaches that occurred within months of each other in 2013.

Federal authorities said Advocate failed to conduct mandatory risk assessments, properly safeguard laptops containing ePHI or obtain a required business associate agreement with a third-party contractor that handled medical billing.

“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure,” said Jocelyn Samuels, director of the U.S. Department of Health and Human Services’ Office of Civil Rights. “This includes implementing physical, technical, and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”

Security of ePHI has become a growing concern for managed services providers (MSPs) with customers in health care.

MSPs with expertise in HIPAA compliance can realize a huge market opportunity by managing sensitive patient data for health care entities.

But the lucrative vertical also carries substantial financial risks in the form of penalties and legal costs if ePHI is mishandled.

Under HIPAA rules, MSPs are considered “business associates,” and must sign agreements with the health care customer assuring they will abide by all data security requirements.

One of the three Advocate breaches involved Blackhawk Consulting Group, which provided billing services.

In that case, the ePHI of more than 2,000 Advocate patients was compromised when an unauthorized third party gained access to Blackhawk’s network.

“Advocate failed to obtain satisfactory assurances in the form of a written business associate contract that its business associate would appropriately safeguard all ePHI in its possession,” federal officials said in a statement.

The other two breaches involved separate thefts of laptop computers containing private information of nearly 4 million people.

Advocate Health Care Network is the largest fully integrated health care system in Illinois, authorities said.

The latest penalty brings the total amount of settlements for HIPAA security violations to $20.3 million this year, up sharply from $6.2 million in all of 2015.

 
