In this week’s news, hospitals pay record fines after a data breach, and a surgeon dumps his EHR vendor in favor of a personal solution.
Record HIPAA Fine of $4.8M To Be Paid By Two Providers
New York-Presbyterian Hospital and Columbia University Medical Center have agreed to pay fines of $4.8 million to settle HIPAA (Health Insurance Portability and Accountability Act) violations occurring in 2010. The protected data of 6,800 patients ended up on Google, and an investigation by the Office for Civil Rights found that the two providers were responsible for the leak. The breach was discovered when an individual saw the ePHI (electronic protected health information) of their deceased partner online. NYP will pay $3.3 million and Columbia University will pay $1.5 million, reports Healthcare IT News.
Data Breach Toolkit From AHIMA
According to Health IT Security, AHIMA (American Health Information Management Association) has released its data breach toolkit for providers looking for additional resources in tackling potential data security issues. Access to the tool comes with AHIMA membership, and the toolkit references the five critical pieces of a breach notification letter:
Surgeon Bypasses EHR Vendors
Spinal surgeon Dr. Lloyd Hey has garnered attention for dumping the software provided by his EHR vendor and designing his own. Dr. Hey, according to InformationWeek, found that the software he’d purchased to manage his health records was designed for primary care physicians, not surgeons. He also indicated that his vendor’s programmers weren’t willing to make improvements, and that the software didn’t fit well with his existing practice management system. The article also discusses surgeons across the board having similar issues, resulting in some hospitals purchasing separate EHR tools for surgery departments.
VA Braces For Influx Of New Data
The Veterans Health Administration is taking on patient-generated data. In an effort to kick off an initiative that would allow patients to wear patches that would automatically and constantly send data to a patient-generated database, the department issued a “sources sought” notice earlier this year. The VA is still figuring out how that would mesh with current EHRs. You can read more at FedTech Magazine.
Organizations Pay $2M In Fines Because Of Stolen Laptops
OCR has fined two organizations, Concentra Health Services and QCA Health Plan, a total of $1,975,220 because of stolen laptops that were not encrypted. Concentra carried the bulk of the fines, after a laptop was stolen from a Missouri physical therapy center. Healthcare IT News reports that Concentra had recognized, in multiple instances, that the lack of encryption was a critical risk. OCR has set up six educational programs for providers to help organizations avoid these fines in the future.
Healthcare IT Talking Points
KLAS’ research desk muses on lessons learned from the Donald Sterling case that could apply to EMR vendors. “At KLAS, we speak to thousands of providers each year. Some are happily married to their vendors, and others have their vendors sleeping on the couch but still have to live with them.”