Press Release Mistake Leads to $2.4 Million HIPAA Penalty for Health System
Posted in HIPAA

On May 10, 2017, the U.S. Health and Human Services Department Office for Civil Rights (OCR) announced an agreement whereby Memorial Hermann Health System (MHHS) will pay a $2.4 million penalty for releasing a patient’s name in a press release.  According to the resolution agreement, in September 2015, a patient at an MHHS clinic presented an allegedly fraudulent identification card to office staff.  The staff notified law enforcement and the patient was arrested.  Although notification to law enforcement did not violate the HIPAA rules, it wa a violation to include the patient’s name in the title of a press release regarding the incident and to disclose the patient's protected health information (PHI) during meetings with an advocacy group, state representatives, and a state senator, in response to the events.

There are a number of lessons to be learned from this settlement:

  • Confirm that senior management, as well as workforce members and subcontractors, understand the HIPAA rules.
  • Thoroughly train press and communications personnel to be alert for information that is protected by HIPAA and must not be disclosed.
  • Review and regularly update HIPAA policies and procedures.
  • Obtain patient consent before disclosing patient names on a website or in a press release.
  • Do not discuss patient PHI with the media or public officials without patient consent.
  • Be sure to document, in a timely manner, any sanctions imposed upon workforce members who fail to comply with the entity’s privacy policies and procedures or violate the HIPAA rules.

The consequences of a HIPAA violation can be severe, so any entity that handles PHI should be diligent in HIPAA compliance.

Our Health Law Ticker is a one-stop resource for everything new and noteworthy in healthcare law. We cover recent developments in healthcare legislation, healthcare reform, Medicare/Medicaid, managed care, litigation, regulatory compliance, HIPAA, privacy, peer review, medical staffs and general business operations for healthcare companies and licensed healthcare professionals.

Stay Connected




View All Nossaman Blogs
Jump to Page

We use cookies on this website to improve functionality, enhance performance, analyze website traffic and to enable social media features. To learn more, please see our Privacy Policy and our Terms & Conditions for additional detail.