Texas Health System Pays $2.4M to Settle Unauthorized Patient Disclosure

Posted in Electronic Health Records, HIPAA and the HITECH Act, Hospitals and Institutions, Litigation, Privacy and Data Protection

A May 11 article, “Texas Health System Pays $2.4M to Settle Unauthorized Patient Disclosure,” in Bloomberg BNA’s Privacy Law Watch and other publications discussed the $2.4 million settlement that Memorial Hermann Health System reached with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) after it disclosed a patient’s identity in a press release without authorization. Day Pitney healthcare attorney Eric Fader was quoted in the article.

While one might assume that the OCR must have already covered all possible types of HIPAA violations in its press releases on settlements, Eric told Bloomberg BNA, this settlement illustrates that the agency is continually coming up with new wrinkles. “This settlement is the clearest example I’ve seen of the principle that the egregiousness of the conduct matters more than the number of individuals affected,” he said, “and I have no doubt that the OCR, in making the settlement the subject of a press release, intended to drive home this exact point.”

Eric added that Memorial Hermann’s size and perceived ability to pay were likely factors in determining the settlement amount. The health system includes 16 hospitals, 5,500 affiliated physicians and 24,000 employees. Eric also stressed that, as OCR Director Roger Severino stated in the agency’s press release, in a large system like Memorial Hermann, someone in senior management should have understood HIPAA well enough to recognize the danger of publicly disclosing a patient’s name in press releases and meetings.
