Allergy practice pays $125,000 to settle doctor’s disclosure of patient information to a reporter

November 26, 2018 - Allergy Associates of Hartford, P.C. (Allergy Associates), has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Allergy Associates is a health care practice that specializes in treating individuals with allergies, and is comprised of three doctors at four locations across Connecticut.

In February 2015, a patient of Allergy Associates contacted a local television station to speak about a dispute that had occurred between the patient and an Allergy Associates’ doctor. The reporter subsequently contacted the doctor for comment and the doctor impermissibly disclosed the patient’s protected health information to the reporter.

OCR’s investigation found that the doctor’s discussion with the reporter demonstrated a reckless disregard for the patient’s privacy rights and that the disclosure occurred after the doctor was instructed by Allergy Associates’ Privacy Officer to either not respond to the media or respond with “no comment.” Additionally, OCR’s investigation revealed that Allergy Associates failed to take any disciplinary action against the doctor or take any corrective action following the impermissible disclosure to the media.

In addition to the monetary settlement, Allergy Associates will undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.

The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/allergyassociates/index.html

Industry-certified professionals at EHR 2.0 can provide a thorough HIPAA Assessment for your practice. Our online HIPAA training will give your staff members the much-needed training on the HIPAA Privacy and Security rules to avoid pitfalls. Contact us at info@ehr20.com or 866-276-8309.
