Texas Health System Agrees to Pay HHS $2.4 Million
Memorial Hermann Health System (MHHS) will also adopt a correct action plan to settle violations of the HIPAA Privacy Rule.
According to a report from the HHS Office of Civil Rights, Memorial Hermann Health System (MHHS) has agreed to pay $2.4 million to the HHS as well as adopt a correct action plan in order to settle violations of the HIPAA Privacy Rule.
The agreement stems from a review of the system based on reports that said it disclosed a patient's protected health information (PHI) without authorization. MHHS is located in Southeast Texas and is comprised of 16 hospitals and services outside of Houston.
After a patient was arrested for providing a fraudulent identification card to staff, a press release disclosed the PHI. "Senior management should have known that disclosing a patient's name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response," said OCR Director Roger Severino. "This case reminds us that organizations can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless continue to protect patient privacy when making statements to the public and elsewhere."