Not a Lexis Advance subscriber? Try it out for free.
LexisNexis® CLE On-Demand features premium content from partners like American Law Institute Continuing Legal Education and Pozner & Dodd. Choose from a broad listing of topics suited for law firms, corporate legal departments, and government entities. Individual courses and subscriptions available.
By Stacy L. Cook
The New York attorney general recently entered into a settlement agreement with the University of Rochester Medical Center (URMC) for HIPAA violations. The enforcement action by New York comes on the heels of a HIPAA enforcement action by the Connecticut attorney general in early November 2015. Prior to the Health Information Technology for Economic and Clinical Health (HITECH) Act, only the federal government could enforce HIPAA.
In March 2015, a nurse practitioner was preparing to leave URMC for a position at Greater Rochester Neurology (GRN). Before leaving, the nurse practitioner asked URMC for and was given a list of the 3,403 patients she had treated while at URMC. The list also included patient addresses and diagnoses. The nurse practitioner gave the list to GRN without obtaining consent from the patients. While the nurse was still at URMC, GRN mailed letters to the patients on the list announcing that the nurse practitioner would be joining the group and that the patients could continue to receive treatment from the nurse practitioner at GRN. Shortly thereafter URMC began receiving complaints from patients who received the letters and URMC reported the breach to the U.S. Department of Health and Human Services and the media and notified all individuals.
The settlement requires URMC to pay a $15,000 penalty, provide the New York attorney general with copies of its HIPAA policies and procedures, provide training to its workforce members and report to the New York attorney general all HIPAA breaches.
Stacy L. Cook is a partner in the Healthcare Department in the firm’s Indianapolis, Indiana office. Ms. Cook concentrates her practice on regulatory and transactional issues, including fraud and abuse laws, billing and reimbursement, HIPAA compliance, and related litigation matters, involving a wide variety of healthcare providers, including physicians, pharmacists, wholesale drug distributors, pharmacies, psychologists, physical therapists, hospital medical staffs and long-term care facilities. She has extensive experience in representing healthcare providers before state and federal healthcare regulatory agencies and she assists clients in responding to privacy and security breaches, government investigations and audits, as well as repayment inquiries and internal and external audits.
For more information about LexisNexis products and solutions, connect with us through our corporate site.