A May 11 article, "Texas Health System Pays $2.4M to Settle Unauthorized Patient Disclosure," in Bloomberg BNA's Privacy Law Watch and other publications discussed the $2.4 million settlement that Memorial Hermann Health System reached with the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) after it disclosed a patient's identity in a press release without authorization. Day Pitney healthcare attorney Eric Fader was quoted in the article.

While one might assume that the OCR must have already covered all possible types of HIPAA violations in its press releases on settlements, Eric told Bloomberg BNA, this settlement illustrates that the agency is continually coming up with new wrinkles. "This settlement is the clearest example I've seen of the principle that the egregiousness of the conduct matters more than the number of individuals affected," he said, "and I have no doubt that the OCR, in making the settlement the subject of a press release, intended to drive home this exact point."

Eric added that Memorial Hermann's size and perceived ability to pay were likely factors in determining the settlement amount. The health system includes 16 hospitals, 5,500 affiliated physicians and 24,000 employees. Eric also stressed that, as OCR Director Roger Severino stated in the agency's press release, in a large system like Memorial Hermann, someone in senior management should have understood HIPAA well enough to recognize the danger of publicly disclosing a patient's name in press releases and meetings.


For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.


Click here for more Healthcare Blogs from Day Pitney

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.