Filming for TV Show Results in HIPAA Violation and $2.2 Million Settlement Paid by New York Presbyterian Hospital
It’s not uncommon for “covered entities” such as hospitals and health systems to violate the Privacy Rule under the Health Insurance Portability and Protection Act of 1996 (“HIPAA”). A stolen laptop or misplaced file can expose information that should be protected. Rarely, however, does a violation arise from the filming of a television show. But that’s exactly what happened in the case of New York Presbyterian Hospital (“NYP”), which recently entered into a settlement with the Department of Health and Human Services, Office for Civil Rights (“OCR”) for $2.2 million.
NYP allowed “NY Med,” an ABC television series, to film on-site without first obtaining patient authorization. OCR explained in a news release that NYP allowed the show to film someone who was dying and another in distress, even after being asked to stop by a medical professional. OCR characterized the disclosures as “egregious” and stated that by revealing the patients’ protected health information (PHI), NYP’s actions “blatantly violate the HIPAA Rules.”
OCR also found that NYP failed to safeguard PHI by allowing the film crew “virtually unfettered” access to its facility. In addition to the $2.2 million payment, as part of the settlement OCR will monitor NYP for two years to help ensure NYP remains compliant with its HIPAA obligations.
This settlement is an important reminder to HIPAA covered entities and their business associates regarding the proper care and safeguarding of PHI. Certainly covered entities should think twice about allowing film crews into their facilities. If they do, the environments in which they film must be tightly controlled. As a starting point, covered entities should carefully review the FAQ sheet issued by OCR addressing situations involving media access to PHI.
To avoid investigations, fines and other negative consequences, it is critical for covered entities to ensure their policies and procedures comply with HIPAA’s requirements.