Presence Health, a healthcare network based in Illinois, earlier in 2017 acceded to pay a $475,000 fine after not reporting a breach of unsecured protected health information in a timely fashion. Officials of the Office for Civil Rights (OCR) are noting that the length of time it took Presence to report the breach was not in accordance with HIPAA standards. This action represents the first HIPAA enforcement by the OCR on a healthcare provider for lack of timely notification of a breach.
The OCR was notified of the breach via Presence on January 31, 2014, despite the actual breach taking place on October 22, 2013. Paper-based documents, containing the protected health information of 836 individuals had gone missing from the Presence Surgery Center, at Presence St. Joseph Medical Center, located in Joliet Illinois. Presence's failure to notify stretched beyond 60 days of discovering the breach, and was due in no part to unavoidable delay. The missing documents from Presence Health included information about patient names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia.
As is exhibited by the suit against Presence Health, compliance with HIPAA regulations and procedures are of paramount importance to healthcare providers and systems. Financially, this suit has shown an extent of the monetary toll that HIPAA discordance can result in for healthcare providers. By not complying to HIPAA procedure, Presence jeopardized protected information, creating various vulnerabilities for those affected, and the healthcare network itself. This discordance also affected the OCR by hindering its ability to conduct a proper investigation into the breach, thereby gaining information about the then-current case, and security breaches and risks going forward.
HIPAA compliance is critical in order to ensure proper protection of data; however, it can be difficult to keep up to speed. Do the proper research to determine which programs are right for your company, helping the company's efficiency, compliance, and productivity.