News Article with Protected Health Information Led to an $80,000 HIPAA Settlement

According to a November 2023 press release from the Office for Civil Rights (OCR), Saint Joseph’s Medical Center (“Saint Joseph’s”) of New York state agreed to pay $80,000 and implement a corrective action plan in response to their unauthorized release of Protected Health Information (PHI). The OCR press release states a national publication from the Associated Press regarding Saint Joseph’s response to the COVID-19 pandemic included pictures of the facility and PHI about three patients. Since Saint Joseph’s did not obtain prior written authorization from the patients, or their authorized representatives, to release information about their COVID-19 diagnosis, their current medical status and medical prognosis, vital signs, or treatment plan, Saint Joseph’s was in potential violation of the HIPAA Privacy Rule.

In addition to the $80,000 settlement and corrective action plan, Saint Joseph’s must also develop written policies and procedures to ensure their facility and workforce is compliant with the HIPAA Privacy Rule. They will also be monitored by the OCR for two years to ensure they are compliant with their updated policies and procedures and the HIPAA Privacy Rule.

PAAS Tips:

Pharmacies must have customized HIPAA policies and procedures which employees can be trained on
Ensure all staff with access to PHI receive training on the appropriate handling of PHI to prevent accidental disclosures
Contracted entities with access to the pharmacy’s PHI or electronic PHI also need to have HIPAA training; training details should be addressed in the signed Business Associated Agreement and the entity should provide the pharmacy with proof of training, if requested
Training should include information about civil, monetary, and criminal penalties for violations of the HIPAA Privacy Rule to reinforce the importance of following the HIPAA Rules
Members enrolled in the PAAS National^® Fraud, Waste & Abuse and HIPAA Compliance Program can review Section 10 of their Policy & Procedure Manual for more information on HIPAA privacy and breaches or call us to speak to a PAAS National^® analyst about your HIPAA concerns

Author
Recent Posts

Sara Hathaway, PharmD

Analyst at PAAS National^®

After graduating from UW-Madison's School of Pharmacy with my PharmD, I spent my first eight years at an independent pharmacy dividing my time between both retail and long-term care. I fell in love with the independent pharmacy world and joined the PAAS team to help independents not only survive, but thrive.

I enjoy assisting pharmacy staff both pre- and post-audit and enjoy providing them with knowledge and tools to decrease audit risk going forward. I write articles for Third-Party Newsline each month and answer member questions daily. I look forward to building professional relationships with each of our members and assisting you with your next audit.

Latest posts by Sara Hathaway, PharmD (see all)

Numerous Sumatriptan Formulations Cause Headaches for Pharmacies, & Potential Recoupments - April 14, 2024
Be on the Lookout for Eye Drops Requiring Extra Billing Consideration - March 16, 2024
Employer Pays $4.75 Million after Employee Stole, then Sold, Protected Health Information - March 5, 2024