Advanced Care Hospitalists pays $500,000 fine for violating HIPAA
Multispecialty group Advanced Care Hospitalists has agreed to pay a $500,000 fine to HHS for sharing patient information with a third-party vendor without proper safeguards in place. That action resulted in the breach of data from as many as 9,000 patients, according to HHS.
Between November 2011 and June 2012, Advanced Care Hospitalists worked with someone who said he was from third-party billing company Doctor’s First Choice Billings. The Lakeland, Fla.-based physician group gave the person protected health information for processing bills, according to an HHS investigation. Then, in February 2014, a hospital told Advanced Care that personal, demographic and clinical information from its patients was listed on the billing company’s website. But the two organizations did not have in place a business associate agreement, used by covered entities to allow them, under HIPAA, to share protected health information with third parties.
HHS also found that Advanced Care, operational since 2005, had not conducted a risk analysis or implemented security safeguards until after the breach.
In addition to the fine, Advanced Care agreed to a corrective action plan. The physician group, which was not immediately available for comment, did not admit to any wrongdoing.