OCR Kicks Up Fines and Hospital Penalized After Persistent Non-Compliance
Take control of the physical data breach and drug diversion risks that threaten your healthcare organization with Senseon’s Physical Security Breach Roundup.
We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.
Physical Data Breach News
Elizabeth Family Health Center in Colorado is left notifying more than 28,000 patients that their information was potentially exposed. This is in response to a September incident where the center was vandalized and backup server tape cartridges that contained PHI were stolen. The center is offering free copies of credit reports to impacted individuals.
This November, HHS OCR announced the fourth HIPAA settlement to crack $1 million in just five weeks. While 2019 started off slow, the agency seems to have picked up the pace of its enforcement. It’s possible that OCR has stepped into a new level of engagement and enforcement, but while that’s difficult to tell, there has been an increase in interest in HIPAA breaches from state Attorneys General.
Police in Evansville, Indiana are searching for a man who was caught on camera after stealing a laptop computer and a Crestor tablet style media controller. The theft happened on November 15th after the suspect accessed restricted areas of the hospital.
OCR’s Breach Notification port notes that Truman Medical Center in Missouri reported on December 5th a breach that impacted 114,466 patients. The source of the breach is listed as a theft of a laptop.
Sentara Hospitals is on the hook for over $2 million after failing to notify HHS of a HIPAA breach.
HHS received a complaint against Sentara in 2017 that accused the organization of sending a patient a bill that contained another patient’s information. OCR discovered that Sentara had actually mailed 577 patients’ PHI to the wrong address, jeopardizing names, account numbers, and dates of service. Sentara, though, had reported that the breach only affected 8 individuals because they incorrectly concluded that no breach had occurred since no diagnosis, treatment, or medical information was included in the additional mailings. They also continued their refusal to report the breach even after being advised of their duty to comply by OCR.
Drug Diversion News
A former pharmacist in Pennsylvania is facing charges after allegedly acquiring controlled substances through misrepresentation, fraud, forgery, and other methods.
An investigation found that Colt J. Edwards had stolen hydrocodone polistirex and chlorpheniramine polistirex extended-release suspension. Edwards allegedly admitted that he would take the hydrocodone into the employee area of the pharmacies where he was working, remove the drug from the bottle and replace it with distilled water. Edwards is also accused of stealing zolpidem and tramadol from six locations of Martin’s and Giant pharmacies, as well as three other pharmacies in the area.
Need to brush up on your HIPAA Physical Safeguard requirements? We’ve got you covered.