A May 11 article, Texas Health System Pays $2.4M to Settle Unauthorized Patient Disclosure, in Bloomberg BNAs Privacy Law Watch and other publications discussed the $2.4 million settlement that Memorial Hermann Health System reached with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) after it disclosed a patients identity in a press release without authorization. Day Pitney healthcare attorney Eric Fader was quoted in the article.
While one might assume that the OCR must have already covered all possible types of HIPAA violations in its press releases on settlements, Eric told Bloomberg BNA, this settlement illustrates that the agency is continually coming up with new wrinkles. This settlement is the clearest example Ive seen of the principle that the egregiousness of the conduct matters more than the number of individuals affected,” he said, “and I have no doubt that the OCR, in making the settlement the subject of a press release, intended to drive home this exact point.
Eric added that Memorial Hermanns size and perceived ability to pay were likely factors in determining the settlement amount. The health system includes 16 hospitals, 5,500 affiliated physicians and 24,000 employees. Eric also stressed that, as OCR Director Roger Severino stated in the agencys press release, in a large system like Memorial Hermann, someone in senior management should have understood HIPAA well enough to recognize the danger of publicly disclosing a patients name in press releases and meetings.