Sentara Hospitals agrees to $2.2M HIPAA settlement for incorrectly reporting data breach

  • Small
  • Medium
  • Large

Norfolk, Va.-based Sentara Hospitals has agreed to pay the Office for Civil Rights $2.175 million to settle alleged HIPAA violations, according to a Nov. 27 news release.

In April 2017, the health system reported that eight patients had been affected in a data breach. Sentara said that it had improperly sent a bill to a patient containing another patient's protected health information. Upon further investigation, the OCR determined that Sentara had mailed 577 patients' information to wrong addresses.

Patient data exposed included names, account numbers and dates of services. Sentara originally reported that only eight patients had been affected because the incident did not involve diagnosis, treatment information or other medical information.

Along with the $2.175 million settlement, Sentara has agreed to undergo a corrective action plan with two years of monitoring.

"HIPAA compliance depends on accurate and timely self-reporting of breaches because patients and the public have a right to know when sensitive information has been exposed," said Roger Severino, OCR director. "When healthcare providers blatantly fail to report breaches as required by law, they should expect vigorous enforcement action by OCR."

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars