MD Anderson fined $4.3M for HIPAA violations related to 3 data breaches

In a June 18 release, HHS announced a ruling against the University of Texas MD Anderson Cancer Center in Houston requiring $4.3 million in civil penalties due to three data breaches from 2012 and 2013.  

Personnel at MD Anderson lost a laptop and two thumb drives, containing information about thousands of patients.

“OCR is serious about protecting health information privacy and will pursue litigation, if necessary, to hold entities responsible for HIPAA violations,” said OCR Director Roger Severino. “We are pleased that the judge upheld our imposition of penalties because it underscores the risks entities take if they fail to implement effective safeguards, such as data encryption, when required to protect sensitive patient information.”

MD Anderson argued the devices did not require encryption because the personal information was for research—meaning it was not subject to HIPAA requirements. A company release from MD Anderson emphasized patient privacy and data security, while disagreeing with the final judgment.

“Patient privacy is of extreme importance at The University of Texas MD Anderson Cancer Center, and substantial measures are in place to ensure the protection of private patient information,” according to MD Anderson’s statement. “In all three cases involving the loss or theft of devices reviewed by the Administrative Law Judge (ALJ), there is no evidence any patient information was viewed or any harm to patients was caused.”

""
Nicholas Leider, Managing Editor

Nicholas joined TriMed in 2016 as the managing editor of the Chicago office. After receiving his master’s from Roosevelt University, he worked in various writing/editing roles for magazines ranging in topic from billiards to metallurgy. Currently on Chicago’s north side, Nicholas keeps busy by running, reading and talking to his two cats.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”