Government and Provider Enter Into First-Ever HIPAA Privacy and Security Resolution Agreement

The HHS entered into a resolution agreement with Providence Health & Services (Providence) to settle potential violations of the HIPAA privacy and security rules. Pursuant to the resolution agreement, Providence agreed to pay the government $100,000, and develop and implement a Corrective Action Plan to ensure that it appropriately safeguards electronic patient information. This marks the first time that HHS has entered into a resolution agreement with a covered entity for possible violations of HIPAA, as no violations were admitted. The agreement stems from lost and stolen backup tapes, disks and laptops that contained the health information of approximately 400,000 patients. HHS had received more than 30 complaints about the missing tapes and laptops. Although the government has not been overly aggressive in enforcing HIPAA violations, this agreement shows that the federal government will step up HIPAA enforcement in cases in which unauthorized disclosure involves multiple patients and where HHS receives many complaints about the same incident. To view the settlement agreement, go here:

http://www.hhs.gov/ocr/privacy/enforcement/agreement.pdf