Interest Groups

OCR Secures $2.175 Million HIPAA Settlement after Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information - Health Care and Life Sciences News

Get the news you want the way you want it: click the RSS button in the right corner to add this feed to your RSS reader, or click here to subscribe to this content. By subscribing, you’ll find this news on your Member Account page, and the latest articles will be emailed to you in your customized IndyBar E-Bulletin e-newsletter.

Health Care and Life Sciences News

Posted on: Dec 19, 2019

Intro by Madison Hartman, IU McKinney

The Office for Civil Rights (OCR) and the U.S. Department of Health and Human Services (HHS) has ordered Sentara Hospitals to pay $2.175 million to settle potential HIPAA violations. Sentara Hospitals, which operates more than 300 sites throughout Virginia and North Carolina, was accused of HIPPA violations in April of 2017.

The complaint that HHS received regarding the violation alleged that the hospital system had sent a bill to an individual containing another patient’s protected health information (PHI). In its investigation of the complaint, OCR discovered that Sentara had mailed 577 patients’ PHI to wrong addresses, even though Sentara only reported that the incident affected 8 patients. Sentara reported the incident in this way because only the patients’ names, account numbers and dates of services were revealed, and Sentara wrongly believed that because the disclosure did not include diagnosis or treatment information, that it was not a violation of HIPAA. This hefty fine will surely be a wakeup call to other hospital systems to ensure that they are compliant with the time-sensitive self-reporting requirements of HIPAA.

Read more.

If you would like to submit content or write an article for the Health Care & Life Sciences Section, please email Kara Sikorski at


Indianapolis Bar Association (IndyBar) est. 1878 | 4,536 Members (as of 2.11.21)