OCR Fines Cancer Care Group $750K for Potential HIPAA Security Violations | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

OCR Fines Cancer Care Group $750K for Potential HIPAA Security Violations

September 3, 2015
by Heather Landi
| Reprints

An Indiana-based radiation oncology practice, Cancer Care Group, P.C., agreed to pay $750,000 in potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules stemming from a 2012 data breach.

The settlement was agreed upon with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). In addition to the fines, the practice will adopt a corrective action plan to correct deficiencies in its HIPAA compliance program, according to OCR.

The potential violations stem from an incident in July 2012 regarding a breach of unsecured electronic protected health information (ePHI). Cancer Care notified OCR that an employee’s laptop bag was stolen, including the theft of unencrypted backup media containing names, addresses, Social Security numbers, insurance information and clinical information for 55,000 current and former patients.

According to OCR, a subsequent investigation of the breach found that “Cancer Care was in widespread non-compliance with the HIPAA Security Rule.” The practice failed to conduct an enterprise-wide risk analysis at the time of the breach, and it also did not have a written policy in place regarding the removal of hardware and electronic media containing ePHI into and out of its facilities.

“Organizations must complete a comprehensive risk analysis and establish strong policies and procedures to protect patients’ health information,” OCR Director Jocelyn Samuels said in a statement. “Further, proper encryption of mobile devices and electronic media reduces the likelihood of a breach of protected health information.”

Cancer Care has taken corrective action with regard to the specific requirements of the Privacy and Security Rules that are at the core of this enforcement action, as well as actions to come into compliance with the other provisions of the HIPAA rules, according to OCR.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Healthcare Execs Anticipate High Cost Returns from Predictive Analytics Use

Healthcare executives are dedicating budget to predictive analytics, and are forecasting significant cost savings in return, according to new research from the Illinois-based Society of Actuaries.

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.