Sentara Hospitals agrees to $2.2M HIPAA settlement for incorrectly reporting data breach

Norfolk, Va.-based Sentara Hospitals has agreed to pay the Office for Civil Rights $2.175 million to settle alleged HIPAA violations, according to a Nov. 27 news release.

In April 2017, the health system reported that eight patients had been affected in a data breach. Sentara said that it had improperly sent a bill to a patient containing another patient's protected health information. Upon further investigation, the OCR determined that Sentara had mailed 577 patients' information to wrong addresses.

Patient data exposed included names, account numbers and dates of services. Sentara originally reported that only eight patients had been affected because the incident did not involve diagnosis, treatment information or other medical information.

Along with the $2.175 million settlement, Sentara has agreed to undergo a corrective action plan with two years of monitoring.

"HIPAA compliance depends on accurate and timely self-reporting of breaches because patients and the public have a right to know when sensitive information has been exposed," said Roger Severino, OCR director. "When healthcare providers blatantly fail to report breaches as required by law, they should expect vigorous enforcement action by OCR."


© Copyright ASC COMMUNICATIONS 2019.