Providence Health Settles HIPAA Suit, Develops Corrective Plan | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Providence Health Settles HIPAA Suit, Develops Corrective Plan

July 18, 2008
by root
| Reprints

Providence Health and Services (Seattle) will pay a fine of $100,000 to settle potential HIPAA violations and is implementing a corrective action plan to more effectively protect electronic patient information, as a result of a resolution agreement it established with the U.S. Department of Health and Human Services (HHS (Washington, D.C.)

The agreement relates to Providence’s loss of electronic backup media and laptop computers containing individually identifiable health information in 2005 and 2006; the incidents were in violation of the Privacy and Security Rules, according to the organization.

The corrective action plan will require Providence to:
  • Revise its policies and procedures regarding physical and technical safeguards (e.g., encryption) governing off-site transport and storage of electronic media containing patient information, subject to HHS approval;
  • Train workforce members on the safeguards; and
  • Conduct audits and site visits of facilities; and submitting compliance reports to HHS for a period of three years.

The Resolution Agreement and Corrective Action Plan can be found on the OCR Web site at

Providence is a not-for-profit health system providing services to patient communities across five states, including Alaska, Washington, Montana, Oregon and California. The system includes 26 hospitals, more than 35 non-acute facilities, physician clinics, a health plan, and educational facilities.

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on