An academic medical center in New York agreed to pay $80,000 as part of a settlement with the Department of Health and Human Services’ Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Saint Joseph’s Medical Center impermissibly disclosed the protected health information of Covid-19 patients to the Associated Press (AP) for an article on its response to the public health emergency, the OCR said in a press release Monday.

The details: In April 2020, Saint Joseph’s allowed an AP reporter to observe three patients being treated for Covid-19. The media outlet’s article included photographs and information about the facility’s patients that was presented without their consent.

“These images were distributed nationally, exposing protected health information including patients’ Covid-19 diagnoses, current medical statuses and medical prognoses, vital signs, and treatment plans,” said the OCR.

The agency found Saint Joseph’s potentially violated HIPAA’s privacy rule.

Compliance considerations: Saint Joseph’s agreed to implement a corrective action plan requiring it to develop written policies and procedures that comply with the privacy rule. The medical center must also train its employees on the revised policies and procedures.

Saint Joseph’s will be subject to monitoring by the OCR for two years to ensure compliance under the plan.

Saint Joseph’s did not respond to a voicemail requesting comment. The medical center did not admit liability in reaching settlement.

Kyle Brasseur is Editor in Chief of Compliance Week. His background includes expertise in user personalization with ESPN.com.View full Profile

More from Kyle Brasseur

Topics