November 26, 2018-Allergy Associates of Hartford, P.C.(Allergy Associates), has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Allergy Associates is a health care practice that specializes in treating individuals with allergies, and is comprised of three doctors at four locations across Connecticut.
In February 2015, a patient of Allergy Associates contacted a local television station to speak about a dispute that had occurred between the patient and an Allergy Associates’ doctor. The reporter subsequently contacted the doctor for comment and the doctor impermissibly disclosed the patient’s protected health information to the reporter.
OCR’s investigation found that the doctor’s discussion with the reporter demonstrated a reckless disregard for the patient’s privacy rights and that the disclosure occurred after the doctor was instructed by Allergy Associates’ Privacy Officer to either not respond to the media or respond with “no comment.” Additionally, OCR’s investigation revealed that Allergy Associates failed to take any disciplinary action against the doctor or take any corrective action following the impermissible disclosure to the media.
In addition to the monetary settlement, Allergy Associates will undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.
The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/allergyassociates/index.html
Industry certified professionals at EHR 2.0 can provide a thorough HIPAA Assessment for your practice. Our online HIPAA training will provide your staff members that much needed training on HIPAA Privacy and Security rules to avoid pitfalls. Contact us at firstname.lastname@example.org or 866-276-8309.
Latest posts by EHR 2.0 (see all)
- New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA - June 5, 2019
- California Consumer Privacy Act of 2018 – Bill Text - April 4, 2019
- HIPAA Compliance Review Program Launch - March 26, 2019