$475,000 HIPAA Penalty for Tardy Breach Notification - Incident Involved Relatively Small Breach of Paper Records

CSR Thoughts...

The Federal Government continues to show business owners that it takes data breach notification very seriously. Federal regulators issued a $475,000 fine to Presence Health for not sending breach notifications in a timely manner after the PHI of 836 individuals was compromised.
This should be a wake-up call for all businesses, but small to medium size businesses in particular should address the gaps in their organization's information security programs to better prepare for a breach. The CSR Readiness® Pro Edition comprises both a proactive component, Readiness, which assesses an organization's privacy procedures and assigns remediation tasks to improve them, and a reactive component, the Breach Reporting Service, which delivers breach notifications on time to all required agencies. It is a true 360° privacy solution for the small to medium size business.
Data Breach Today

Jocelyn Samuels, director of the Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA, notes that healthcare organizations "need to have a clear policy and procedures in place to respond to the [HIPAA] Breach Notification Rule's timeliness requirements. Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm caused by the breach."