Tag Archives: 500

“You Are Known By The Company You Keep” — Including Vendors Without Business Associate Agreements

The concept that one is known by the company one keeps dates back to ancient times (the particular phrase is attributed to both Aesop and the Book of Proverbs).  But this simple aphorism continues to be true.  A recent example is the $500,000 that Advanced Care Hospitalists (ACH) had to pay to the Office for Civil Rights of the U.S. Department of Health and Human Services (OCR) to settle potential violations of the HIPAA Privacy and Security Rules.… More

HHS Announces First HIPAA Breach Settlement Involving Less than 500 Patients

The Department of Health and Human Services’ Office for Civil Rights (“HHS OCR“) announced today that it was, for the first time, entering into a monetary HIPAA settlement for a breach involving less than 500 patients: the Hospice of North Idaho (HONI) has agreed to pay HHS OCR $50,000 to settle potential HIPAA security rule violations.

HHS OCR began its investigation after HONI reported to it that an unencrypted laptop computer containing the electronic protected health information (“ePHI”) of 441 patients had been stolen in June 2010.… More

500 Is a Magic Number: Health Information Breaches Impacting 499 or Fewer Patients Likely Go Uninvestigated By OCR

In the recently-released fiscal 2012 budget for HHS, a dirty little secret has been acknowledged:  the Office of Civil Rights does not have the resources to review all reported breaches of health information.  In fact, if you have a breach that impacts up to 499 people, you are unlikely to hear from OCR at all:

Current OCR practice is to validate, post to the HHS website,… More