Printer Friendly, PDF & Email

Breach Costs OK State Nearly $900K; TX System Settles Access Complaint

A breach of protected health information (PHI) six years ago caused by a hacker who accessed Medicaid records has cost Oklahoma State University Center for Health Sciences (OSUCHS) an $875,000 fine, and it also must undertake a litany of corrective actions, including the unusual step of appointing a monitor to oversee those efforts.[1]

The pricey settlement with the HHS Office for Civil Rights (OCR) comes despite the fact that the breach outwardly didn’t seem all that serious at the time: no data is believed to have been misused, credit monitoring services were not offered and—another rarity—OSUCHS was never the subject of a class-action suit over the breach.

Yet OCR on said July 14 its investigation found that OSUCHS violated the HIPAA Privacy, Security and Breach Notification rules.[2] An OSUCHS spokesperson told RRC the settlement was the product of lengthy negotiations with OCR.

In addition to the requirement for a monitor, the terms of the agreement harken back to OCR’s settlements in prior years that found a lack of electronic protections and unmet requirements, including security risk assessments.

The settlement is the second in July involving an academic health system. A day after the OSUCHS announcement, OCR said it had reached 11 additional agreements related to covered entities not providing patients access to their medical records—bringing the total settlements under this initiative to 38.[3]

Memorial Hermann Health System (MHHS), a 17-hospital chain based in southeast Texas, paid $240,000 and agreed to a two-year corrective action plan (CAP) for failing to provide a single patient access to her records in a timely manner, the agency said.[4]

MHHS’ payment is the biggest OCR has collected under this initiative; the previous record-holder was Banner Health of Phoenix, Arizona, which paid $200,000 related to two patients who lodged access complaints with OCR.

This document is only available to subscribers. Please log in or purchase access.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field