Three Boston Hospitals Pay HIPAA Fines
October 9, 2018
In early September 2018, three Boston hospitals, Brigham Women’s Hospital, Boston Medical Center, and Massachusetts General Hospital, collectively paid $999,000 in a settlement for potential HIPAA violations.
The fines were imposed by the Department of Health and Human Services, Office of Civil Rights for compromising patients’ Protected Health Information, or PHI. The potential breach of PHI occurred during the filming of the ABC reality TV series Save My Life: Boston Trauma.
HIPAA explicitly requires healthcare providers to obtain signed release forms from patients prior to granting any members of the media access to spaces where PHI is accessible in any capacity – including written, oral, visual or audio form.
A 2016 press release from HHS states “Health care providers cannot invite or allow media personnel, including film crews, into treatment or other areas of their facilities where patients’ PHI will be accessible. The announcement continues, “…prior written authorization from each individual who is or will be in the area or whose PHI otherwise will be accessible to the media must be obtained.”
Notably, the ABC film crews received patient privacy training and signed confidentiality agreements before filming in the various hospitals, but OCR ruled that was not enough. This story illustrates the importance of not only knowing HIPAA rules and regulations but also enforcing these standards at all times.
As part of their corrective action plan, all three hospitals involved will provide their employees with additional training about patients’ privacy rights. This training will also include information about media release forms and the necessity of using these forms at any time when patients’ private moments may become public.
You may have read about a similar settlement involving the ABC network and New York Presbyterian Hospital in 2016. Much like the Boston incident, patients’ PHI was compromised during the filming of the reality TV series New York Med. The hospital settled with HHS for $2.2 million.
Health law experts warn hospitals and other providers to learn from cases like these. Protecting patients’ right to privacy should always remain the top priority for all entities regulated by HIPAA.
This is why our HIPAA Prime™ online modules break down the complexities of the law in easy to understand terms and outline the best course of action for addressing every facet of HIPAA for agents, healthcare providers, and their business associates.
Healthcare Info Security
Sign up for Our Blog
April 15, 2019
Jason Karn, Total HIPAA’s Chief Compliance Officer, recently spoke with David Smith, a nationally recognized healthcare benefits consultant and regulatory expert, to discuss how fully-insured, self-funded, and hybrid employee benefits… Read More ›Read More
March 18, 2019
What is Protected Health Information? The Health Insurance Portability and Accountability Act (HIPAA) is a 1996 law that regulates privacy standards in the healthcare sector. In the early 1990s, it… Read More ›Read More
March 5, 2019
Jason Karn, Total HIPAA’s Chief Compliance Officer, recently talked with David Smith, a nationally recognized healthcare benefits consultant and regulatory expert, to discuss HIPAA enforcement projections for agents and brokers… Read More ›Read More