Tuesday, July 16, 2024

Sentara Hospitals to pay nearly $2.2 million HIPAA settlement

Sentara Hospitals have agreed to take corrective actions and pay $2.175 million to settle potential violations of the Health Insurance Portability and Accountability Act Breach Notification and Privacy Rules.

The U.S. Department of Health and Human Services made the announcement in a November 2019 news release. Officials said the settlement is an agreement between Sentara, HHS and the Office of Civil Rights.

Sentara’s settlement was one of the largest HHS sought to collect in 2019.

Sentara is comprised of 12 acute care hospitals with more than 300 sites of care throughout Virginia and North Carolina.

In April of 2017, HHS received a complaint alleging that Sentara had sent a bill to an individual containing another patient’s protected health information or PHI.

OCR’s investigation determined that Sentara mailed 577 patients’ PHI to wrong addresses that included patient names, account numbers, and dates of services, according to the news release.

Sentara reported the incident as a breach affecting eight individuals, because “Sentara concluded, incorrectly, that unless the disclosure included patient diagnosis, treatment information or other medical information, no reportable breach of PHI had occurred,” HHS officials wrote in the news release.

Sentara “persisted in its refusal” to properly report the breach even after being explicitly advised of their duty to do so by OCR, officials said.

OCR also determined that Sentara failed to have a business associate agreement in place with Sentara Healthcare, an entity that performed business associate services for Sentara.

“HIPAA compliance depends on accurate and timely self-reporting of breaches because patients and the public have a right to know when sensitive information has been exposed.” said OCR Director Roger Severino. “When health care providers blatantly fail to report breaches as required by law, they should expect vigorous enforcement action by OCR.”

In addition to the monetary settlement, Sentara will undertake a corrective action plan that includes two years of monitoring.

Sentara says they’ve added more quality control measures and hired a new privacy director.

Here’s the resolution agreement and corrective action plan.

The Associated Press contributed to this report.

John Mangalonzo
John Mangalonzohttp://wydaily.com
John Mangalonzo (john@localdailymedia.com) is the managing editor of Local Voice Media’s Virginia papers – WYDaily (Williamsburg), Southside Daily (Virginia Beach) and HNNDaily (Hampton-Newport News). Before coming to Local Voice, John was the senior content editor of The Bellingham Herald, a McClatchy newspaper in Washington state. Previously, he served as city editor/content strategist for USA Today Network newsrooms in St. George and Cedar City, Utah. John started his professional journalism career shortly after graduating from Lyceum of The Philippines University in 1990. As a rookie reporter for a national newspaper in Manila that year, John was assigned to cover four of the most dangerous cities in Metro Manila. Later that year, John was transferred to cover the Philippine National Police and Armed Forces of the Philippines. He spent the latter part of 1990 to early 1992 embedded with troopers in the southern Philippines as they fought with communist rebels and Muslim extremists. His U.S. journalism career includes reporting and editing stints for newspapers and other media outlets in New York City, California, Texas, Iowa, Utah, Colorado and Washington state.

Related Articles

MORE FROM AUTHOR