Stiff Price to Pay for Snooping


June 30, 2023

On June 15, 2023, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $240,000 settlement with a hospital based upon the OCR’s findings that hospital security guards used their official log-in credentials to access and “snoop” into medical records of 419 patients who visited the hospital’s emergency department without a job-related purpose. In addition to the settlement payment, the resolution agreement entered into between the hospital and the OCR required the organization to implement a corrective action plan to bring the organization into HIPAA compliance and two years of OCR monitoring.

The settlement should serve as a reminder to health care providers of the need to have in place a robust and active HIPAA compliance program that includes routine monitoring of employee activity in electronic medical record systems and employee discipline for non-compliance.

Click Here to read the entire June 2023 Healthcare Law Update now!

If you need assistance with your HIPAA compliance program, an OCR investigation, or a data breach incident, please contact:
Lani M. Dornfeld, CHPC | 973.403.3136 |

Attorney Advertising: This publication is designed to provide Brach Eichler LLC clients and contacts with information they can use to more effectively manage their businesses. The contents of this publication are for informational purposes only. Neither this publication nor the lawyers who authored it are rendering legal or other professional advice or opinions on specific facts or matters. Brach Eichler LLC assumes no liability in connection with the use of this publication.

*This is intended to provide general information, not legal advice. Please contact the authors if you need specific advice.

Related Practices:   Healthcare Law

Related Attorney:   Lani M. Dornfeld

Related Industry:   Healthcare