OCR Fines Cancer Care Group $750K for Potential HIPAA Security Violations | Healthcare Informatics Magazine | Health IT | Information Technology

OCR Fines Cancer Care Group $750K for Potential HIPAA Security Violations

September 3, 2015
by Heather Landi

An Indiana-based radiation oncology practice, Cancer Care Group, P.C., has agreed to pay $750,000 to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules stemming from a 2012 data breach.

The settlement was agreed upon with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). In addition to the fines, the practice will adopt a corrective action plan to correct deficiencies in its HIPAA compliance program, according to OCR.

The potential violations stem from a July 2012 breach of unsecured electronic protected health information (ePHI). Cancer Care notified OCR that an employee’s laptop bag had been stolen, along with the unencrypted backup media it contained, which held names, addresses, Social Security numbers, insurance information and clinical information for 55,000 current and former patients.

According to OCR, a subsequent investigation of the breach found that “Cancer Care was in widespread non-compliance with the HIPAA Security Rule.” The practice failed to conduct an enterprise-wide risk analysis at the time of the breach, and it also did not have a written policy in place regarding the removal of hardware and electronic media containing ePHI into and out of its facilities.

“Organizations must complete a comprehensive risk analysis and establish strong policies and procedures to protect patients’ health information,” OCR Director Jocelyn Samuels said in a statement. “Further, proper encryption of mobile devices and electronic media reduces the likelihood of a breach of protected health information.”

Cancer Care has taken corrective action with regard to the specific requirements of the Privacy and Security Rules that are at the core of this enforcement action, as well as actions to come into compliance with the other provisions of the HIPAA rules, according to OCR.
