Largest-ever HIPAA settlement rings in at $5 million, should be a lesson to providers sharing computer networks, feds announce

Share this article:

New York Presbyterian Hospital and Columbia University have entered into the largest-ever government settlement over an electronic data breach, totaling $4.8 million, the Department of Health and Human Services announced Wednesday. 

The breach occurred when a Columbia University physician and computer application developer attempted to deactivate a server he personally owned, which was on a data network shared with New York Presbyterian, according to HHS. The two organizations operate jointly as New York Presbyterian Hospital/Columbia University Medical Center.

Because “technical safeguards” were lacking, deactivating the server allowed personal health information of about 6,800 patients to be accessed through public Internet search engines, HHS explained. The providers reported the breach in 2010, after someone found the personal information of a deceased loved one on the Web.

The settlement should be cautionary for joint healthcare providers that both are covered by Health Insurance Portability and Accountability Act provisions, said Christina Heide, acting deputy director for health information privacy at the HHS Office of Civil Rights.

“When entities participate in joint compliance arrangements, they share the burden of addressing the risks to protected health information,” She said. “Our cases against NYP and CU should remind healthcare organizations of the need to make data security central to how they manage their information systems.”

New York Presbyterian's share of the settlement totaled about $3.3 million, and Columbia's came to $1.4 million. Both have agreed to a “substantive corrective action plan,” including risk analysis and management, HHS noted.

Share this article:

More in News

Nursing home antipsychotic use has dipped nearly 19% under national effort, latest figures show

Nursing home antipsychotic use has dipped nearly 19% ...

The percent of long-stay nursing home residents receiving antipsychotic medication has decreased 18.8% under a nationwide initiative that started in 2012.

Jimmo succeeds in getting Medicare coverage, two years after landmark case ended

Glenda Jimmo has reached a settlement with the federal government and will finally receive Medicare coverage for claims that were denied in 2007, which led her to file a class-action lawsuit over the so-called "improvement standard."

Breier named new CEO at Kindred

Breier named new CEO at Kindred

Kindred Healthcare announced Thursday that it has chosen a new top executive to lead its push toward creating a mammoth national brand. Benjamin A. Breier, the company's current president and ...