Health System Agrees to Pay $800,000 following Improper Disclosure of Medical Records

This week, Parkview Health System, Inc. (“Parkview”) agreed to pay $800,000 and enter into a Corrective Action Plan to settle allegations that Parkview violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  In 2008, Parkview took custody of between 5,000 and 8,000 medical records of patients for a retiring physician in order to help transition the patients to new providers.  In 2009, Parkview employees were delivering the records to the physician’s home and left them in cardboard boxes on the physician’s driveway near a public road, despite knowing the physician was not home.  The physician promptly filed a complaint with the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”).  OCR then initiated an investigation of Parkview in May 2011.

The Corrective Action Plan requires Parkview to develop written policies and procedures regarding administrative, technical, and physical safeguards to protect non-electronic Protected Health Information (“PHI”).  It also requires development of a comprehensive training program and that Parkview promptly report instances of suspected noncompliance to OCR.

This settlement is particularly notable because it relates to paper records, which is a departure from OCR’s recent focus on electronic PHI.  Christina Heide, the acting deputy director of health information privacy at OCR, stated: “All too often we receive complaints of records being discarded or transferred in a manner that puts patient information at risk.  It is imperative that HIPAA covered entities and their business associates protect patient information during its transfer and disposal.”

For information regarding HIPAA enforcement, please refer to our HIPAA enforcement tracker located under the “Trackers and Presentations” section on this page and under the “Resources” tab above.

Leave a comment

Filed under Cooley Trackers, Government Enforcement, Health Information Privacy, HIPAA, Privacy and Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s