Seattle-based Health System Agrees to Pay $100,000 HIPAA Fine

The U.S. Department of Health & Human Services has entered into a Resolution Agreement with Seattle-based Providence Health & Services to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. Providence is a not-for-profit health system that provides services across five states--Alaska, Washington, Montana, Oregon, and California--to 26 hospitals, more than 35 non-acute facilities, physician clinics, a health plan, a university, and a high school. In the agreement, Providence agreed to pay $100,000 and implement a detailed Corrective Action Plan to ensure that it will appropriately safeguard identifiable electronic patient information against theft or loss.

The Privacy and Security Rules are enforced by HHS' Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS). The Privacy and Security Rules require health plans, health care clearinghouses and most health care providers (covered entities) to safeguard the privacy of certain individually identifiable health information and meet additional security standards for patient information maintained in electronic form.

The incidents giving rise to the agreement involved two entities within the health system. On several occasions between September 2005 and March 2006, backup tapes, optical disks, and laptops, all containing unencrypted electronic protected health information, were removed from the premises and were left unattended. The media and laptops were subsequently lost or stolen, compromising the protected health information of more than 386,000 patients. HHS received more than 30 complaints about the stolen tapes and disks, submitted after the company, pursuant to state notification laws, informed patients of the theft.

In addition to the fine, the Corrective Action Plan Providence has agreed to requires it to: revise its policies and procedures regarding physical and technical safeguards (e.g., encryption) governing off-site transport and storage of electronic media containing patient information, subject to HHS approval; train workforce members on the safeguards; conduct audits and site visits of facilities; and submit compliance reports to HHS for a period of three years. The Resolution Agreement and Corrective Action Plan can be found on the OCR Web site at www.hhs.gov/ocr/privacy/enforcement/.

Download Center

HTML - No Current Item Deck
  • Safety Management Software - Free Demo

    IndustrySafe Safety Software’s comprehensive suite of modules help organizations to record and manage incidents, inspections, hazards, behavior based safety observations, and much more. Improve safety with an easy to use tool for tracking, notifying and reporting on key safety data.

  • Create Flexible Safety Dashboards

    IndustrySafe’s Dashboard Module allows organizations allows you to easily create and view safety KPIs to help you make informed business decisions. Our best of breed default indicators can also save you valuable time and effort in monitoring safety metrics.

  • Schedule and Record Observations

    IndustrySafe's Observations module allows managers, supervisors, and employees to conduct observations on employees involved in safety critical behavior. IndustrySafe’s pre-built BBS checklists may be used as is, or can be customized to better suit the needs of your organization.

  • Why Is Near Miss Reporting Important?

    A near miss is an accident that's waiting to happen. Learn how to investigate these close calls and prevent more serious incidents from occurring in the future.

  • Get the Ultimate Guide to Safety Training

    When it comes to safety training, no matter the industry, there are always questions regarding requirements and certifications. We’ve put together a guide on key safety training topics, requirements for certifications, and answers to common FAQs.

  • Industry Safe
comments powered by Disqus

OH&S Digital Edition

  • OHS Magazine Digital Edition - May 2019

    May 2019

    Featuring:

    • RESPIRATORY PROTECTION
      Why Pick a PAPR? 
    • FIRE SAFETY TRAINING
      Fire Safety: Plan, Prevent, Train, Recover
    • PROTECTIVE APPAREL
      The Truth About Heat Stress and FRC
    • AIHCE EXP 2019 PREVIEW
      Underestimated No More
    View This Issue