Don't Become a HIPAA Headline > Michigan State Medical Society


Don't Become a HIPAA Headline

Parkview Health System, Inc., which provides services to individuals in northeast Indiana and northwest Ohio, has the temporary distinction of being the latest health care entity to settle with the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability & Accountability Act of 1996 (HIPAA). The settlement is $800,000 and adoption of a corrective action plan to address deficiencies in their HIPAA compliance program.

After the theft of a thumb drive, Adult & Pediatric Dermatology, PC, of Concord, Massachusetts, was fined $150,000 and mandated to implement a corrective action plan because they had not conducted an accurate and thorough security analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process" and was not in full compliance with "requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members."

OCR is becoming more proactive in enforcing provisions in the HIPAA Privacy and Security Rule as modified by the HITECH Act and Omnibus Rule through its HIPAA compliance audits. Physicians should heed the following advice from OCR Director Leon Rodriguez:

"As we say in health care, an ounce of prevention is worth a pound of cure," said OCR Director Leon Rodriguez. "That is what a good risk management process is all about - identifying and mitigating the risk before a bad thing happens. Covered entities of all sizes need to give priority to securing electronic protected health information."

The Hospice of North Idaho (HONI) agreed to pay $50,000 to settle potential violations of the HIPAA Security Rule for a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals.

MSMS has scheduled three upcoming education sessions, led by HIPAA Consultant Joe Dylewski, to teach physicians and their practices what steps need to be taken to protect themselves from failing a HIPAA Privacy and Security audit.

Don't be caught off-guard, sign up today for one of the following sessions:

  • Wednesday, July 16, East Lansing - MSMS Headquarters
  • Wednesday, September 17, Saginaw – St. Mary's of Michigan Health Education Center
  • Friday, October 24, Troy - Somerset Inn

For more information about HIPAA, contact Stacey Hettiger at MSMS at 517-336-5766 or


Posted in: Hot Topics, News for Practices