Illinois-based Presence Health agreed to pay HHS' Office for Civil Rights a settlement totaling $475,000 over claims that the health system violated HIPAA.
Here are four things to know:
1. Presence filed a breach notification report on Jan. 31, 2014, to OCR after the health system noted operating room schedules were missing from Joliet, Ill.-based Presence St. Joseph Medical Center's Presence Surgery Center.
2. The operating room schedules featured the personal information of 836 patients, including their names, birthdates, medical record numbers, procedures' dates and types, surgeon names and anesthesia types.
3. State law requires a healthcare facility to report to OCR within 60 days of uncovering the breach. Following OCR's investigation into Presence Health, OCR found Presence violated the law by failing to meet this time frame.
4. Therefore, the health network agreed to pay OCR a $475,000 fine.
When contacted for comment, a Presence Health spokesperson issued the following comment to Becker's Hospital Review: "Because patient privacy is a top priority at Presence Health, we are working diligently with the OCR on all steps required under the corrective action plan, including additional associate training in HIPAA policies and procedures. This is the culmination of a several year process working with the OCR to resolve a matter we voluntarily reported to the OCR in 2014 related to an isolated incident involving paper records at a surgery center located in Joliet, Ill. This incident did not involve any electronic records and did not involve any disclosure of patient contact or financial information. We are confident that reports on our progress to quickly implement revised policies and procedures will be positive."