Healthcare Risk Management: Richard Sheinis on Overturning of $4.3 Million HIPAA Violation Penalty

In an article published by Healthcare Risk Management on February 5, 2021, Partner Richard Sheinis is quoted discussing lessons learned from a $4.3 million HIPAA violation penalty that was overturned.

The penalty was imposed on the University of Texas M.D. Anderson Cancer Center by the Department of Health and Human Services’ Office for Civil Rights in response to data breaches reported by the hospital in 2013 and 2014 that involved the loss or theft of 29,021 individuals’ protected health information (PHI).

According to Sheinis, “the 5th Circuit decision shows HHS does not have the final word when imposing penalties.”

“This will be an important factor for determining if there was a HIPAA breach when a medical provider loses control of PHI, but there is no evidence that it was accessed by an unauthorized person,” he says.

For the full article, click here.