The federal government takes a very serious and firm stand on compliance with its laws and regulations. Government laws designed to protect the average American include ERISA, ACA, and HIPAA. Strict attention to detail may help your company avoid the costly mistakes three Boston hospitals made while participating in the filming of an ABC medical documentary.

HIPAA Violations Happen

The Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), prevents inappropriate disclosure of Americans’ confidential health care information, including through data breaches. HIPAA also protects workers against discrimination when enrolling for health insurance.

The Office of Civil Rights (“OCR”), part of the U.S. Department of Health & Human Services, investigates complaints of HIPAA violations. As of July 31, 2018, the OCR had received more than 186,453 HIPAA complaints, with 96% of the claims being resolved. Its investigations resulted in more than 905 compliance reviews. While corrective actions were not taken in many of the cases, the OCR imposed penalties in 55 cases for a total of $78,829,182.

Violations and compliance issues that resulted in penalties included:

  • Lack of security over protected health information;
  • Patients restricted from access to their protected health information;
  • Administrative safeguards of electronic protected health information not in place; and
  • Use and disclosure of protected health information.

The last violation – disclosure of protected health information – occurred during the filming of a medical documentary.

How the Hospital and Film Crew Violated HIPAA

Three Boston hospitals – Boston Medical Center, Brigham and Women’s Hospital, and Massachusetts General Hospital – participated in an ABC medical documentary series. While doing so, they allowed film crews to roam the hospital obtaining footage that included patients of the hospitals.

Unfortunately, the hospitals failed to ask patients for permission. This failure led to violations of HIPAA in that patients’ identities and protected health information were disclosed.

Those violations, in turn, led to an investigation by the OCR and HIPAA settlements totaling $999,000.

Is it Possible to Inadvertently Fall into HIPAA Violations?

Yes, it is. Understanding sprawling government regulations is not easy, but non-compliance is costly.