2016 Breach Costs OK State Medical Center $875K; System Initially Missed Vulnerability

Health Care Compliance Association (HCCA)
Contact

Health Care Compliance Association (HCCA)

Report on Patient Privacy 22, no. 8 (August, 2022)

Oklahoma State University Center for Health Sciences’ (OSUCHS) breach might not have seemed all that serious at the time: No data is believed to have been misused, credit monitoring services were not offered and—another rarity—OSUCHS was never the subject of a class-action suit.

Yet last month, OUSUCHS found itself on the receiving end of a settlement with the HHS Office for Civil Rights (OCR) for alleged HIPAA violations, paying $875,000 and agreeing to an extensive, two-year corrective action plan (CAP) that includes the little-employed requirement to appoint an “independent” monitor to oversee those efforts.[1]

An OSUCHS spokesperson told RPP the settlement was the product of lengthy negotiations with OCR.

This is the second recent agreement involving an academic health system. A day after the OSUCHS announcement, OCR said it had reached 11 additional agreements related to covered entities not providing patients access to their medical records—bringing the total settlements under this initiative to 38.[2] Among them was Memorial Hermann Health System, which paid $200,000 related to two patients who lodged access complaints with OCR.

OCR said on July 14 its investigation found that OSUCHS violated the Privacy, Security and Breach Notification rules.[3]

[View source.]

Written by:

Health Care Compliance Association (HCCA)
Contact
more
less

Health Care Compliance Association (HCCA) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.