Printer Friendly, PDF & Email

Patient Privacy Court Case: May 2020

In June 2018, the University of Texas MD Anderson Cancer Center was ordered to pay a $4.3 million fine to the HHS Office for Civil Rights (OCR) for data breaches. It was the fourth largest HIPAA-related amount to be paid to OCR.

The original case arose out of incidents in 2012 and 2013 in which an MD Anderson employee’s laptop was stolen, a company trainee lost a thumb drive, and a visiting researcher lost a thumb drive. These devices contained data for more than 33,000 patients. The health records were not encrypted, so OCR decided that MD Anderson had violated HIPAA regulations.

This document is only available to subscribers. Please log in or purchase access.