Health system pays $475K in first HIPAA settlement for failure to provide timely breach notification

The Department of Health and Human Services Office for Civil Rights (OCR) today announced its first HIPAA settlement for failure to provide timely breach notification. The settlement was with Presence Health Network (“Presence”), a Chicago-area health system, and was based on Presence notifying OCR, individuals, and the press 101 to 106 days after discovering that paper-based operating room schedules had gone missing, rather than within 60 days after discovery, as required under the HIPAA Breach Notification Rule. During its investigation, OCR also discovered that on several occasions Presence was late in notifying individuals of smaller breaches.

This settlement provides another reminder of the importance of effective policies and procedures for responding to and reporting data breaches on a timely basis. The Resolution Agreement noted that each late day was a separate violation of the Breach Notification Rule. Presence agreed to pay $475,000 and implement a corrective action plan.

OCR’s press release and resolution agreement are available here.