The Associated Press
Originally published September 25, 2015
A state licensing board is proposing a $5,000 fine, a reprimand and ethics training for the head of the University of Oregon’s counseling office.
The proposed discipline, announced Friday, stems from allegations that Shelly Kerr released a student’s counseling records to the UO’s lawyers without the student’s permission. The student sought counseling after she said she was raped by three basketball players.
The rest of the article is here.
Showing posts with label Fine. Show all posts
Showing posts with label Fine. Show all posts
Tuesday, October 6, 2015
Thursday, July 11, 2013
WellPoint to pay $1.7 million HIPAA penalty
By Rachel Landen and Joseph Conn
ModernHealthcare.com
Published July 11, 2013
WellPoint, which serves nearly 36 million people through its affiliated health plans, has agreed to pay a $1.7 million penalty to HHS for potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996.
Between Oct. 23, 2009, and March 7, 2010, access to personal data for 612,402 people—their names, dates of birth, addresses, Social Security numbers, telephone numbers and health information—was made available to unauthorized users as the result of online security weaknesses, HHS said Thursday.
During an investigation of WellPoint's information systems, HHS' Office for Civil Rights found that the Indianapolis-based insurer had not enacted appropriate administrative, technical and physical safeguards for data as required by HIPAA.
The entire story is here.
ModernHealthcare.com
Published July 11, 2013
WellPoint, which serves nearly 36 million people through its affiliated health plans, has agreed to pay a $1.7 million penalty to HHS for potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996.
Between Oct. 23, 2009, and March 7, 2010, access to personal data for 612,402 people—their names, dates of birth, addresses, Social Security numbers, telephone numbers and health information—was made available to unauthorized users as the result of online security weaknesses, HHS said Thursday.
During an investigation of WellPoint's information systems, HHS' Office for Civil Rights found that the Indianapolis-based insurer had not enacted appropriate administrative, technical and physical safeguards for data as required by HIPAA.
The entire story is here.
Wednesday, May 29, 2013
Physician Congressman Fined for Having Sex With 2 Patients
By Robert Lowes
Medscape Medical News
Originally published on May 24, 2014
Rep. Scott DesJarlais, MD (R-TN), was fined $500 by the state medical board in Tennessee for having sexual relationships with 2 female patients in 2000, according to a consent order approved by the board on May 22.
The Board of Medical Examiners of Tennessee also reprimanded Dr. DesJarlais, characterizing his behavior as "unprofessional conduct."
Dr. DesJarlais, a general practitioner who was first elected to represent Tennessee's Fourth Congressional District in 2010, signed the consent order on May 20.
The consent order describes in bare-bones fashion what was laid out in voluminous detail about Dr. DesJarlais' personal life during and after his 2012 reelection campaign. From roughly January 2000 to May 2000, Dr. DesJarlais "had a sexual relationship with 2 female patients," the order states. "No documentation exists to show whether or not the physician-patient relationship was severed prior to the commencement of a romantic relationship with either female patient."
The board fined Dr. DesJarlais $250 for each patient. He also is responsible for the state's cost of prosecuting the case, up to $1000.
The rest of the story is here.
Medscape Medical News
Originally published on May 24, 2014
Rep. Scott DesJarlais, MD (R-TN), was fined $500 by the state medical board in Tennessee for having sexual relationships with 2 female patients in 2000, according to a consent order approved by the board on May 22.
The Board of Medical Examiners of Tennessee also reprimanded Dr. DesJarlais, characterizing his behavior as "unprofessional conduct."
Dr. DesJarlais, a general practitioner who was first elected to represent Tennessee's Fourth Congressional District in 2010, signed the consent order on May 20.
The consent order describes in bare-bones fashion what was laid out in voluminous detail about Dr. DesJarlais' personal life during and after his 2012 reelection campaign. From roughly January 2000 to May 2000, Dr. DesJarlais "had a sexual relationship with 2 female patients," the order states. "No documentation exists to show whether or not the physician-patient relationship was severed prior to the commencement of a romantic relationship with either female patient."
The board fined Dr. DesJarlais $250 for each patient. He also is responsible for the state's cost of prosecuting the case, up to $1000.
The rest of the story is here.
Wednesday, October 10, 2012
Reducing the Risk of a Breach of PHI from Mobile Devices
Latest HHS Fine Hits The Massachusetts Eye and Ear Infirmary
by Rick Kam, ID Experts
Originally published on September 26, 2012
The Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI), will pay $1.5 million to the Department of Health and Human Services (HHS) for potential violations of the HIPAA Security Rule. In the HHS release, they explain that it wasn’t just one issue or misstep that led to the fine, but rather a series of errors and inaction.
“…such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices, and adopting and implementing policies and procedures to address security incident identification, reporting, and response.”
The entire story is here.
Wednesday, May 9, 2012
NY Fines 15 Insurers over Mental Health Notices
Associated Press
The Wall Street Journal
Originally published May 9, 2012
ALBANY, N.Y. — New York regulators have fined 15 insurers $2.7 million for failing to notify small businesses they were eligible to buy special coverage for mental illnesses and children with serious emotional disturbances.
Superintendent of Financial Services Benjamin Lawsky says they are the first fines under Timothy's Law, named for a teen who committed suicide after his parents were unable to obtain needed mental health treatment. The law took effect in 2007.
The rest of the story is here.
More information on Timothy's Law is here.
The Wall Street Journal
Originally published May 9, 2012
ALBANY, N.Y. — New York regulators have fined 15 insurers $2.7 million for failing to notify small businesses they were eligible to buy special coverage for mental illnesses and children with serious emotional disturbances.
Superintendent of Financial Services Benjamin Lawsky says they are the first fines under Timothy's Law, named for a teen who committed suicide after his parents were unable to obtain needed mental health treatment. The law took effect in 2007.
The rest of the story is here.
More information on Timothy's Law is here.
Friday, April 20, 2012
Cardiologists fined $100,000 for Internet privacy violations
By Ken Alltucker
The Republic - azcentral.com
Originally published April 17, 2012
The federal government has fined a Phoenix and Prescott cardiac surgeon medical practice $100,000 for posting patients' clinical and surgical appointment information on an Internet calendar that was available to the public.
The entire story is here.
The Republic - azcentral.com
Originally published April 17, 2012
The federal government has fined a Phoenix and Prescott cardiac surgeon medical practice $100,000 for posting patients' clinical and surgical appointment information on an Internet calendar that was available to the public.
The entire story is here.
Tuesday, March 20, 2012
Tennessee insurer to pay $1.5 million for breach-related violations
BlueCross BlueShield agrees to pay HHS for HIPAA violations tied to 2009 breach that exposed data on 1 million members
Computerworld
Originally published March 13, 2012
A 2009 data breach that has already cost BlueCross BlueShield of Tennessee nearly $17 million got a little more expensive Tuesday.
The insurer today agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HHS) to settle Health Insurance Portability and Accountability Act (HIPAA) violations related to the breach.
Under the settlement, BlueCross BlueShield has also agreed to review and revise its privacy and security policies and to regularly train employees on their responsibilities under the HIPAA of 1996.
The settlement is the first resulting from enforcement action taken by the HHS under Health Information Technology for Economic and Clinical Health (HITECH) breach notification requirements.
The notification rules require all HIPAA-covered entities to notify affected individuals of any breach involving their health information. It also requires them to notify the HHS and the media in cases where the breach affects more than 500 people.
Leon Rodriguez, director of the HHS Office for Civil Rights (OCR) said the settlement underscores the department's intent to vigorously enforce HIPAA's security and privacy rules.
"This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program," Rodriguez said in a statement.
Saturday, December 3, 2011
Merck to Pay $950 Million Over Vioxx
By Duff Wilson
The New York Times
Merck has agreed to pay $950 million and has pleaded guilty to a criminal charge over the marketing and sales of the painkiller Vioxx, the company and the Justice Department said Tuesday.
The negotiated settlement, which includes resolution of civil cases, was the latest of a series of fraud cases brought by federal and state prosecutors against major pharmaceutical companies.
By the time Vioxx, which was approved by the Food and Drug Administration in 1999, was pulled off the market in 2004 because evidence showed that it posed a substantial heart risk, about 25 million Americans had taken the drug.
In a statement on Tuesday, Merck said that it had previously disclosed the seven-year investigation by the United States attorney in Massachusetts and had charged $950 million against its earnings in October 2010.
Merck agreed to pay a $321 million criminal fine and plead guilty to one misdemeanor count of illegally introducing a drug into interstate commerce, the Justice Department said in a news release. The charge arose from Merck’s promotion of Vioxx to treat rheumatoid arthritis before the Food and Drug Administration approved it for that purpose in 2002.
(cut)
No person was held liable for Merck’s conduct. “It’s just a cost of doing business until a pharmaceutical executive does a perp walk,” said Erik Gordon, a pharmaceutical analyst and clinical assistant professor at the Ross School of Business at the University of Michigan.
The whole story is here.
The New York Times
The negotiated settlement, which includes resolution of civil cases, was the latest of a series of fraud cases brought by federal and state prosecutors against major pharmaceutical companies.
By the time Vioxx, which was approved by the Food and Drug Administration in 1999, was pulled off the market in 2004 because evidence showed that it posed a substantial heart risk, about 25 million Americans had taken the drug.
In a statement on Tuesday, Merck said that it had previously disclosed the seven-year investigation by the United States attorney in Massachusetts and had charged $950 million against its earnings in October 2010.
Merck agreed to pay a $321 million criminal fine and plead guilty to one misdemeanor count of illegally introducing a drug into interstate commerce, the Justice Department said in a news release. The charge arose from Merck’s promotion of Vioxx to treat rheumatoid arthritis before the Food and Drug Administration approved it for that purpose in 2002.
(cut)
No person was held liable for Merck’s conduct. “It’s just a cost of doing business until a pharmaceutical executive does a perp walk,” said Erik Gordon, a pharmaceutical analyst and clinical assistant professor at the Ross School of Business at the University of Michigan.
The whole story is here.
Friday, September 16, 2011
Info dump yields $40K settlement
By Bryan Cohen
Legal Newsline
North Carolina Attorney General Roy Cooper announced on Wednesday that a Charlotte doctor has paid $40,000 for allegedly dumping files that contained patients' financial and medical information.
Dr. Ervin Batchelor owns and operates the Carolina Center for Development and Rehabilitation, which is a psychological testing and treatment facility located in Charlotte. In June 2010, the facility allegedly disposed of 1,000 patient files illegally by dumping them at the West Mecklenburg Recycling Center.
The files allegedly contained health information, insurance account numbers, drivers' license numbers, Social Security numbers, dates of birth, addresses and names for 1,600 people.
"Any business you entrust with your information has a duty to keep it safe," Cooper said. "Sensitive financial and health information should never be carelessly dumped, putting customers and patients at risk of identity theft."
Under a state law Cooper pushed through the General Assembly in 2005, businesses that dispose of records containing personal identifying information must destroy or shred those records so that identity thieves can't retrieve information from discarded files that have been carelessly thrown away. Medical records also face added restrictions under federal health privacy laws.
The Carolina Center records were recovered by Mecklenburg County, N.C., officials, who contacted Cooper's office.
As part of a settlement, Batchelor paid $40,000 and agreed to abide by both federal and state laws that protect people's personal financial and health information.
The Carolina Center has already notified the patients whose information was placed at risk. State law requires businesses, as well as state and local government agencies, to notify consumers if a security breach may have put their personal information at risk. The breaches of security must also be reported to the Consumer Protection Division. Since state laws on security breaches took effect in 2005 and 2006, a total of 889 breaches involving information and more than 3.3 million state consumers have been reported.
Cooper's CPD has won settlements in multiple other document dumping cases, including against a Gastonia, N.C., movie rental store, two mortgage lenders from the Charlotte area and a Greensboro, N.C., urgent care clinic.
Legal Newsline
Dr. Ervin Batchelor owns and operates the Carolina Center for Development and Rehabilitation, which is a psychological testing and treatment facility located in Charlotte. In June 2010, the facility allegedly disposed of 1,000 patient files illegally by dumping them at the West Mecklenburg Recycling Center.
The files allegedly contained health information, insurance account numbers, drivers' license numbers, Social Security numbers, dates of birth, addresses and names for 1,600 people.
"Any business you entrust with your information has a duty to keep it safe," Cooper said. "Sensitive financial and health information should never be carelessly dumped, putting customers and patients at risk of identity theft."
Under a state law Cooper pushed through the General Assembly in 2005, businesses that dispose of records containing personal identifying information must destroy or shred those records so that identity thieves can't retrieve information from discarded files that have been carelessly thrown away. Medical records also face added restrictions under federal health privacy laws.
The Carolina Center records were recovered by Mecklenburg County, N.C., officials, who contacted Cooper's office.
As part of a settlement, Batchelor paid $40,000 and agreed to abide by both federal and state laws that protect people's personal financial and health information.
The Carolina Center has already notified the patients whose information was placed at risk. State law requires businesses, as well as state and local government agencies, to notify consumers if a security breach may have put their personal information at risk. The breaches of security must also be reported to the Consumer Protection Division. Since state laws on security breaches took effect in 2005 and 2006, a total of 889 breaches involving information and more than 3.3 million state consumers have been reported.
Cooper's CPD has won settlements in multiple other document dumping cases, including against a Gastonia, N.C., movie rental store, two mortgage lenders from the Charlotte area and a Greensboro, N.C., urgent care clinic.
Subscribe to:
Posts (Atom)