November 26, 2018 - Allergy Associates of Hartford, P.C. (Allergy Associates) has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Allergy Associates is a health care practice that specializes in treating individuals with allergies, and is comprised of three doctors at four locations across Connecticut.
In February 2015, a patient of Allergy Associates contacted a local television station to speak about a dispute that had occurred between the patient and an Allergy Associates’ doctor. The reporter subsequently contacted the doctor for comment and the doctor impermissibly disclosed the patient’s protected health information to the reporter.
OCR’s investigation found that the doctor’s discussion with the reporter demonstrated a reckless disregard for the patient’s privacy rights and that the disclosure occurred after the doctor was instructed by Allergy Associates’ Privacy Officer to either not respond to the media or respond with “no comment.” Additionally, OCR’s investigation revealed that Allergy Associates failed to take any disciplinary action against the doctor or take any corrective action following the impermissible disclosure to the media.
In addition to the monetary settlement, Allergy Associates will undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.
The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/allergyassociates/index.html
Industry-certified professionals at EHR 2.0 can provide a thorough HIPAA Assessment for your practice. Our online HIPAA training will give your staff members the much-needed training on the HIPAA Privacy and Security Rules to avoid pitfalls. Contact us at email@example.com or 866-276-8309.