IT service provider agrees to pay $650k for SNF HIPAA breach
A Philadelphia IT services provider has agreed to pay more than one-half million dollars to settle a case of a stolen nursing home employee smartphone containing residents’ personal medical information.
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), which provides information technology and management services to six nursing homes, has agreed to pay $650,000 and implement a two-year corrective action plan to mitigate against further violations, according to a document from the U.S. Department of Health & Human Services Office for Civil Rights (OCR).
The case involved the 2014 theft of a mobile phone, which had access to more than 400 residents’ medical information and social security numbers. The CHCS-issued phone had not been encrypted or password-protected. CHCS also had not conducted "an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality integrity, and availability of e-PHI," and did not "implement appropriate security measures sufficient to reduce the risks and vulnerabilities to a reasonable and appropriate level to comply" with HIPAA data privacy rules, the OCR document states.
The agreement is the first OCR settlement to include a business associate as the liable entity: CHCS acted as the third-party provider of IT services for the nursing homes and was responsible for the smartphone, the case claims.
The case highlights the need for business partners and third-party service providers to be as diligent about data security protocols as the care providers. The OCR began holding business associates liable for HIPAA privacy in 2013, and the earliest cases are now beginning to reach settlements.
Pamela Tabar was editor-in-chief of I Advance Senior Care from 2013-2018. She has worked as a writer and editor for healthcare business media since 1998, including as News Editor of Healthcare Informatics. She has a master’s degree in journalism from Kent State University and a master’s degree in English from the University of York, England.
Topics: Technology & IT