North Memorial Health Care to pay $1.55M HIPAA settlement: 5 things to know

North Memorial Health Care, based in Robbinsdale, Minn., has agreed to pay $1.55 million to settle HIPAA violation charges relating to a lack of a business associate agreement.

Here are five things to know.

1. HHS' Office of Civil Rights began investigating North Memorial Health Care following the report of a data breach in September 2011. The breach involved a stolen, unencrypted laptop containing the protected health information of 9,497 individuals.

2. The HIPAA violation charge says the health system failed to enter into a business associate agreement with Accretive Health.

3. The OCR's investigation uncovered that Accretive was granted access to the health system's database containing the PHI of 289,904 people and access to non-electronic PHI, without a business associate agreement. Additionally, the health system did not establish an organization-wide risk analysis to address patient information risks and vulnerabilities.

4. "Two major cornerstones of the HIPAA Rules were overlooked by this entity," said Jocelyn Samuels, director of HHS' OCR. "Organizations must have in place compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure."

5. In addition to the $1.55 million settlement, North Memorial must develop an organization-wide risk analysis and management plan. The health system will also provide training for all staff members affected by the new plan.

Copyright © 2021 Becker's Healthcare. All Rights Reserved.

 
