Results of Broken HIPAA Security Rule
Massachusetts Eye and Ear Infirmary, working in conjunction with Massachusetts Eye and Ear Associates, Inc., (MEEI) continues to cope with the aftermath of a broken HIPAA Security Rule that began over 2 years ago. MEEI must pay a total of 1.5 million dollars to the United States Department of Health and Human Services (HHS). Furthermore, the Massachusetts-based health care provider must commit to a 3-year Corrective Action Plan (CAP).
The purpose of the CAP is to improve the medical group’s overall security. During the 3 years, a government-designated MEEI consultant will conduct unannounced inspections of the facility. The consultant is required to stop by at least twice a year. MEEI’s new safety policies and procedures will be analyzed during these visits, and the consultant will report findings to the HHS.
It’s not that MEEI did anything outrageous. The large payment and long-term CAP agreement comes as the result of an affiliated physician’s stolen laptop.
The laptop was unencrypted, enabling the thief to view private information of approximately 3,500 patients and clinical research subjects within MEEI. According to MEEI’s press release in 2010, the physician’s laptop was stolen while lecturing in South Korea. The issue was immediately reported to the HHS.
MEEI did the right thing when they immediately reported the burglary. However, they were scrutinized by the HHS Office for Civil Rights (OCR) as a result. The findings were clear: MEEI was not in compliance with HIPAA standards.
Risking Patient Privacy
Information from the 3,500 patients listed on the stolen laptop included names, e-mail addresses, birth dates, medical history, current prescriptions, and other clinical records. If MEEI was abiding by the HIPAA Security Rule, they could have dealt with a much smaller mess back in 2010. The medical group would have saved a large sum of money and years of unnecessary stress.
Time spent in a court room is time taken away from your patients’ medical concerns. Do not make MEEI’s mistakes. Through the use of our EMR software, your medical practice can achieve higher levels of security while functioning more efficiently. In addition, our medical billing services are 100% HIPAA compliant.