Part B Insider (Multispecialty) Coding Alert

Physician Notes:

One Physician Causes Biggest HIPAA Settlement in History

Plus: OIG recovers over $3.1 billion in first half of 2014.

If you search your loved one’s name on the internet, the last thing you want to see is his private medical records show up in the search results—but that’s exactly what happened to one stunned New Yorker, spurring a HIPAA investigation that would result in $4.8 million in settlements.

A physician who developed apps for two Manhattan hospitals meant to deactivate his personal computer server on the hospital network, which included electronic protected health information (ePHI). “Because of a lack of technical safeguards, deactivation of the server resulted in ePHI being accessible on internet search engines,” a May 7 Department of Health and Human Services news release noted. “The entities learned of the breach after receiving a complaint by an individual who found the ePHI of the individual’s deceased partner, a former patient of the hospital, on the internet.”

But that patient wasn’t alone—in fact, 6,800 individuals were impacted by the breach, with their patient status, vital signs, medications and lab results vulnerable to public viewing. The resulting settlement of $4.8 million is the largest to date since the HIPAA laws went into effect.

To read more about the breach, visit www.hhs.gov/news/press/2014pres/05/20140507b.html.