Texas Cancer Center Ordered to Pay $4.3 Million Fine for HIPAA Violation

Joe Engelking


 

The U.S. Department of Health and Human Services ruled that The University of Texas MD Anderson Cancer Center violated HIPAA and ordered it to pay $4.3 million to the Office for Civil Rights (OCR).

MD Anderson is both a degree-granting academic institution and a comprehensive cancer treatment and research center located in Houston.

The OCR investigated MD Anderson following three separate data breaches reported between 2012 and 2013. The breaches involved the theft of an unencrypted laptop and the loss of 2 unencrypted USB thumb drives, which together contained electronic protected health information (ePHI) for over 33,500 individuals.

The OCR’s investigation found that even though MD Anderson had written encryption policies, it did not properly enforce them, and that its activities posed a high risk to the security of individuals’ ePHI.

The US Dept. of Health agreed with OCR’s arguments and upheld the OCR’s penalties for each day of MD Anderson’s non-compliance with HIPAA and for each record of individuals

 

“We are pleased that the judge upheld our imposition of penalties because it underscores the risks entities take if they fail to implement effective safeguards, such as data encryption when required to protect sensitive patient information,” said OCR Director Roger Severino.

 

The Take-Away: This case is hard proof that the handling of electronic protected health information is serious business. If you do not have AND FOLLOW a strict digital security procedure to keep your data safe and secure at all times, you can be hit with massive fines and penalties.

 

The Notice of Proposed Determination and the ALJ’s opinion may be found on the OCR website at:

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/mdanderson/index.html

 
