09/21/2018
cid:image001.jpg@01D15E72.2A58A430
Unauthorized Disclosure of Patients’ Protected Health Information During “Boston Med” Filming Results in Multiple HIPAA Settlements Totaling $999,000
September 20, 2018
Today, the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it has reached separate settlements with Boston Medical Center (BMC), Brigham and Women's Hospital (BWH), and Massachusetts General Hospital (MGH) for compromising the privacy of patients’ protected health information (PHI) by inviting film crews on premises to film “Boston Med,” an ABC television network documentary series, without first obtaining authorization from patients. Collectively, the three entities paid OCR $999,000 to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
This is the second HIPAA case involving an ABC medical documentary television series, the previous being OCR’s April 16, 2016 settlement with New York-Presbyterian Hospital in association with the filming of “NY Med.”
To resolve potential HIPAA violations, BMC has paid OCR $100,000, BWH has paid OCR $384,000, and MGH has paid OCR $515,000. Each entity will provide workforce training as part of a corrective action plan that will include OCR’s guidance on disclosures to film and media: http://www.hhs.gov/hipaa/for-professionals/faq/2023/film-and-media/index.html.
The respective Resolution Agreements and Corrective Action Plans may be found on the HHS website at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/bostonmed/index.html
Follow HHS OCR on Twitter at http://twitter.com/HHSOCR exit disclaimer icon
# # #
________________________________________________________________________________________________________ This email is being sent to you from the OCR-Privacy-List listserv, operated by the Office for Civil Rights (OCR) in the US Department of Health and Human Services. This is an announce-only list, a resource to distribute information about the HIPAA Privacy and Security Rules. For additional information on a wide range of topics about the Privacy and Security Rules, please visit the OCR Privacy website at http://www.hhs.gov/ocr/privacy/index.html. You can also call the OCR Privacy toll-free phone line at (866) 627-7748. Information about OCR's civil rights authorities and responsibilities can be found on the OCR home page at http://www.hhs.gov/ocr/office/index.html. If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR. For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html. To subscribe to or unsubscribe from the list serv, go to https://list.nih.gov/cgi-bin/wa.exe?SUBED1=OCR-PRIVACY-LIST&A=1.
This screen allows you to subscribe or unsubscribe to the OCR-PRIVACY-LIST list. To confirm your identity and prevent third parties from subscribing you to a list against your will, an email message with a confirmation code will be sent to the address you specify. Simply wait for this message to arr...
