Houston’s Memorial Hermann to pay $2.4 million in HIPAA settlement
Memorial Hermann Health System will pay the HHS $2.4 million to settle allegations that it disclosed protected patient information without authorization.
The 16-hospital not-for-profit system potentially violated the Health Insurance Portability and Accountability Act by using a patient’s name in a September 2015 news release about an incident involving an allegedly fraudulent ID card. The patient had provided Memorial Hermann clinic staff with the ID card and was later arrested.
Although HIPAA allows providers to give law enforcement a patient’s protected health information, using the patient’s name in the news release and in subsequent discussions with lawmakers and advocacy groups about the incident violates the law.
The Houston-based health system reprimanded the employees who released the information but failed to document the punishment in a timely manner, HHS said in its resolution agreement.