Mass General and Two Other Hospitals in Boston Fined for HIPAA Violations | New England IT PartnersOn September 20, 2018 the Department of Health and Human Services Office for Civil Rights levied a massive fine and detailed their findings after an investigation into three of the most prestigious hospitals in Massachusetts. Boston Medical Center, Brigham and Women’s Hospital, and Massachusetts General Hospital were all fined a total of $999,000 as reparation for violating HIPAA regulations related to personal health information of their clients.

All three hospitals allowed ABC film crews onto the premises without notification and/or authorization from patients. Here is the breakdown of what the investigations found and the punishments that their transgressions led to.

The Fines

Boston Medical Center entered into an agreement to pay $100,000 after the investigation found that the hospital had impermissibly disclosed client health information to ABC employees without the consent of their patients, thus putting the hospital in violation of HIPAA regulations.

Although Brigham and Women’s Hospital did have ABC employees go through HIPAA privacy training and conducted a review of patient privacy, the Office for Civil Rights found that nearly half of the written authorization forms signed by patients were received AFTER their patient health information had already been disclosed. Brigham and Women’s Hospital settled with the OCR for a fine of $384,000 as restitution for their HIPAA violations.

Massachusetts Generel Hospital was levied the heftiest fine out of the tree hospitals, by agreeing to pay the exorbitant fine of $515,000 issued by the OCR for similar violations to the Brigham and Women’s Hospital scenario. As such, the ABC films crews not only went through the HIPAA privacy training but also conducted a review of the patient privacy issues, between October 2014 and January 2015. Although they had gone through the proper protocols and procedures, the HIPAA violation came when they received patient authorization after the disclosure of the patient health information was made to the crew. They also failed to implement reasonable and necessary safeguards for all patient health information during the shooting of the show.

We've Seen This Before

This is not the first time that the Human Services Office for Civil Rights has investigated a major hospital for HIPAA breaches and violations. In 2016, we saw New York Presbyterian Hospital fined for HIPAA violations that resulted from the filming of "NY Med".

During the filming of this show, the crew improperly filmed two patients who never provided consent to do so. During and throughout the investigation, it became clear that New York Presbyterian Hospital left the film crew "unfettered access" of the healthcare facility with little, to no safeguards in place for the privacy of their patients ,"effectively creating an environment where PHI could not be protected from impermissible disclosure to the ABC film crew and staff."

The Office for Civil Rights levied its 8th largest fine in the organization's history by penalizing New York Presbyterian Hospital, $2.2 Million for their malfeasance.