A Deaf Ear towards Timely Action – Costs Money and Hampers Security

The U.S. Department of Health and Human Services, which is also known as the Office for Civil Rights, OCR in the U.S. have recently proclaimed a Health Insurance Portability and Accountability Act of 1996, HIPAA. It is all about the civil money penalty against Children’s Medical Center of Dallas that is totally based on its impermissible disclosure of unsecured electronic protected health information and non-compliance over years.

OCR – Successfully Issued Notice of Final Determination and Children

The OCR issued a Notice of Proposed Determination complying with 45 CFR 160.420. It comprised instructions regarding some of the selective ways how Children’s, the seventh largest pediatric health care provider in Dallas and Texas can easily file a request in terms of hearing.

OCR has successfully issued a Notice of Final Determination and Children for having paid $3.2 million, which is nothing other than the full penalty for civil money.  You may follow OCR at http://twitter.com/HHSOCR. In 2010, Children’s filed a breach report with OCR for indicating the loss of the Blackberry device, an unencrypted and non-password-protected device at Dallas International Airport in 2009.

Device by ePHI

The device comprised of ePHI of near about 3,800 individuals. In 2013, it filed a separate Breach Notification Report with OCR. The report was all about the theft of an unencrypted laptop from its place the same year. Though a few physical safeguards to the storage area of the laptop was reported, it too provided access to an area that was not authorized for accessing ePHI.

If you desire to learn more about privacy laws with regard to health information and non-discrimination, feel free to pay a visit to http://www.hhs.gov/hipaa/index.html. The site will also guide you to learn clearly about your civil rights along with privacy rights in health care and human service settings. You may also get to know about filing a complaint.

Visit Respective Website

Investigation by OCR revealed the fact of noncompliance of Children with rules of HIPAA! It has been regarded to be a failure in terms of implementing risk management plans that is a contrary to prior external recommendations to do so. Also, it has been a failure in terms of deploying encryption on all laptops, mobile services, work stations and removable storage media.

Despite knowledge of Children’s about the jeopardy of maintaining unencrypted ePHI on its devices, it issued unencrypted Blackberry devices to nurses. Also, workforce members were allowed to carry on with the same until 2013. Visit http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/Childrens to get an access to the Notice of Proposed Determination and Notice of Final Determination.