Published on: | by

Dermatology Practice Pays $150,000 to Settle Allegations of HIPAA Violations

On December 26, 2013, the Department of Health and Human Services (“HHS”) and Adult & Pediatric Dermatology, P.C. (“APDerm”) agreed to settle potential violations of the HIPAA Privacy, Security, and Breach Notification Rules for $150,000. In addition the $150,00 settlement, APDerm will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program.

This marks the first settlement with a covered entity under which the HHS Office of Civil Rights (“OCR”) specifically cited the practice for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).

The OCR initiated an investigation of APDerm after receiving a report than an unencrypted thumb drive containing electronic protected health information (“ePHI”) of approximately 2,200 patients was stolen from a staff member’s vehicle. The thumb drive was never recovered. After the close of the investigation, OCR determined that APDerm failed to conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of the ePHI as a part of its security management process. Additionally, OCR found that APDerm failed to fully comply with the Breach Notification Rule by not having written policies and procedures in place and by failing to properly train its workforce members.

This settlement highlights the significance of conducting routine risk and vulnerability assessments, having adequate written policies in place, and conducting workforce training on HIPAA privacy and security policies. It is imperative that all covered entities affirmatively review the mandatory requirements under the HIPAA Omnibus Rule.

For more information, or for questions related to HIPAA or other regulatory concerns, please contact Clinton Mikel, Esq., or Adrienne Dresevic, Esq. at (248) 996-8510 or via email at cmikel@thehlp.com or adresevic@thehlp.com.

Contact Information
Detroit
32000 Northwestern Hwy #240
Farmington Hills, MI 48334
P (248) 996-8510 F (248) 996-8525

The Health Law Partners, P.C.

New York City
15 W 38th St 4th Floor #735
New York, NY 10018
P (212) 734-0128 F (917) 210-2952

The Dresevic, Iwrey, Kalmowitz & Pendleton Law Group A Division of The Health Law Partners, P.C.

This is an attorney advertisement.

We serve the following localities: Alpena County, Alpena, Bay County, Auburn, Bay City, Essexville, Pinconning, Berrien County, Benton Harbor, Berrien Springs, Buchanan, Coloma, Niles, St. Joseph, Stevensville, Watervliet, Calhoun County, Albion, Battle Creek, Marshall, Charlevoix County, Boyne City, Charlevoix, East Jordan, Cheboygan County, Cheboygan, Crawford County, Grayling, Eaton County, and Bellevue. [ View More ]

This is an attorney advertisement.

Branding by Zoyes Creative

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please do not include any confidential or sensitive information in a contact form, text message, or voicemail. The contact form sends information by non-encrypted email, which is not secure. Submitting a contact form, sending a text message, making a phone call, or leaving a voicemail does not create an attorney-client relationship.

Copyright © 2024, The Health Law Partners, P.C.
JUSTIA Law Firm Blog Design