Dermatology Practice Settles Potential HIPAA Violations

The Department of Health and Human Services (“HHS”) announced on December 26th that Adult & Pediatric Dermatology, P.C. (“APDerm”) has agreed to a $150,000 settlement to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy, Security, and Breach Notification Rules. APDerm is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This is the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).

The HHS Office of Civil Rights (“OCR”) investigation began as a result of a report that an unencrypted thumb drive containing the electronic protected health information (“ePHI”) of approximately 2,200 individuals was stolen from an APDerm staff member’s vehicle. The thumb drive was never recovered. After investigation, the OCR determined that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI and did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members. OCR Director, Leon Rodriguez, stated in the HHS press release that “…a good risk management plan is all about – identifying and mitigating risk before bad things happen. Covered entities of all sizes need to give priority to securing electronic protected health information.”

The HHS press release as well as the resolution agreement with corrective action plan between OCR and APDerm can be found here.

About Bose McKinney & Evans LLP

Bose McKinney & Evans LLP is a business law firm, headquartered in Indianapolis, Indiana, serving both publicly held and privately held businesses, governmental entities and high-growth industries. Our clients include Fortune 100 companies, international manufacturers, national and regional financial institutions, agribusinesses, sports teams, university-incubated start-ups, media, utilities, cities and schools, to name a few. We strive to build strong relationships with our clients as key business advisors, to exceed expectations in the quality of our work, to be knowledgeable about our clients’ businesses and sectors, to be responsive to service needs and to continually seek to improve the delivery of client services. Our ultimate focus is on our clients.