1 min read

OCR fines Holy Redeemer $35K for Privacy Rule violation

OCR fines Holy Redeemer $35K for Privacy Rule violation

On November 26, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $35,581 settlement with Holy Redeemer Family Medicine in Pennsylvania over an alleged HIPAA Privacy Rule violation involving the impermissible disclosure of a female patient’s sensitive reproductive health details.

 

What happened

In September 2023, OCR received a complaint that Holy Redeemer had disclosed a patient’s full medical record, including surgical, gynecological, obstetric, and reproductive health histories, to a prospective employer. The patient had requested only one specific test result unrelated to reproductive health be shared. OCR’s investigation confirmed that this disclosure lacked the patient’s authorization and did not meet permissible exceptions under HIPAA.

As part of the settlement, Holy Redeemer will implement a two-year corrective action plan, including revising policies, workforce training, and compliance reporting. The OCR will also monitor Holy Redeemer’s adherence to protecting patient privacy.

 

What was said

It is imperative that health care providers take their duty to protect patient privacy seriously and follow the law,” said OCR Director Melanie Fontes Rainer. “Patients must be able to trust that sensitive health information in their files is protected to preserve their trust in the patient-doctor relationship and ensure they get the care they need. This is particularly true for reproductive health privacy.”

 

Why it matters

Adhering to HIPAA Rules helps maintain patient trust, especially for sensitive details like reproductive health information. Improper disclosures undermine patient trust and violate federal laws, leading to financial penalties and reputational harm for healthcare providers.

 

The bottom line

Healthcare providers must improve their privacy practices and staff training to protect sensitive data and uphold patient confidence.

Learn more: The role of the Office for Civil Rights (OCR) in HIPAA compliance

 

FAQs

How does HIPAA compliance impact patient trust?

When providers are HIPAA compliant, they demonstrate a commitment to safeguarding patient privacy and improve trust in the patient-provider relationship.

 

What should providers do to maintain HIPAA compliance?

Providers must implement administrative, physical, and technical safeguards (like using Paubox), conduct regular risk assessments, and offer regular staff training to maintain HIPAA compliance.

 

What happens if health professionals violate HIPAA?

Violating HIPAA Rules can result in penalties, fines, and disciplinary actions against the mental health professional. HIPAA fines range from $100 to $50,000 per violation, with a maximum annual penalty of $1.5 million. Willful neglect cases can also lead to criminal charges and imprisonment.