Failure to notify patients of privacy breach: Illinois hospital settles for $475k
The U.S. Department of Health and Human Services, Office for Civil Rights, settled with a healthcare system for its untimely reporting of a breach of its unsecured, private health information. Presence Health has agreed to pay $475,000 and implement a corrective action plan.
Presence Health is one of the largest health care networks serving Illinois. It has about 150 locations, including 11 hospitals and 27 long-term care and senior living facilities.
In late 2013, Presence discovered that operating room schedules were missing from the Presence Surgery Center at the Presence St. Joseph Medical Center in Joliet, Illinois. The schedules contained 836 patients’ protected health information, including: patient names, dates of birth, medical record numbers, procedure dates, procedure descriptions, surgeon names, and anesthesia descriptions. The investigation revealed that Presence Health failed to notify the affected individuals or the OCR within 60 days of discovering the breach.
As outlined in the Corrective Action Plan agreed upon in the settlement, Presence Health must revise its existing policies and procedures concerning its management of protected health information. Presence also agreed to report any future breaches within 60 days of discovery.
About the author
Erin K. Jackson is Jackson LLP’s Managing Partner. She is responsible for all aspects of firm management, is a sought-after speaker for healthcare conferences, and is a published author. She is specifically focused upon the intersection of the patient experience in healthcare with the legal and ethical responsibilities of providers.
© 2017 Jackson LLP, all rights reserved