Sentara Settles HIPAA Breach Violation Case

Dec. 1, 2019
OCR’s investigation determined that Sentara mailed 577 patients’ PHI to wrong addresses

The U.S Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced that Sentara Hospitals has agreed to take corrective actions and pay $2.175 million to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification and Privacy Rules.

Norfolk, Va.-based Sentara has 12 hospitals serving Virginia and northeastern North Carolina.

In April 2017, HHS received a complaint alleging that Sentara had sent a bill to an individual containing another patient’s protected health information (PHI). OCR’s investigation determined that Sentara mailed 577 patients’ PHI to wrong addresses that included patient names, account numbers, and dates of services. 

Sentara reported this incident as a breach affecting eight individuals, because Sentara concluded, incorrectly, that unless the disclosure included patient diagnosis, treatment information or other medical information, no reportable breach of PHI had occurred.  OCR claims that Sentara persisted in its refusal to properly report the breach even after being explicitly advised of their duty to do so by OCR.

OCR also determined that Sentara failed to have a business associate agreement in place with Sentara Healthcare, an entity that performed business associate services for Sentara.

“HIPAA compliance depends on accurate and timely self-reporting of breaches because patients and the public have a right to know when sensitive information has been exposed.” said Roger Severino, OCR Director, in a statement.  “When healthcare providers blatantly fail to report breaches as required by law, they should expect vigorous enforcement action by OCR.”

In addition to the monetary settlement, Sentara will undertake a corrective action plan that includes two years of monitoring. 

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?