Day Pitney remains committed to providing quality legal counsel, while protecting our clients and employees, and transforming our communities into more just, equal and equitable spaces. For more information, please visit our COVID-19 Resource Center | Racial Justice and Equity Task Force.


In the News Press Release

Hospital Hit With $3.2M Penalty for Ongoing Health Data Security Lapses

Publisher: Bloomberg BNA's Privacy Law Watch
February 2, 2017

Eric Fader was quoted in an article, "Hospital Hit With $3.2M Penalty for Ongoing Health Data Security Lapses," in Bloomberg BNA's Privacy Law Watch. The article reported that Children's Medical Center of Dallas was hit with a $3.2 million civil money penalty by the Department of Health and Human Services' Office for Civil Rights (OCR) after years of noncompliance with HIPAA rules and after failing to request a hearing on the penalty. The hospital filed data breach reports with OCR as early as 2010 but kept using unencrypted laptops and other mobile devices until 2013, notwithstanding that the breaches involved the loss of unencrypted devices containing protected health information and that prior internal analyses had recommended encryption. Fader told Bloomberg BNA that he was "truly astounded" that the hospital didn't submit a request for a hearing within the prescribed time period in an attempt to reduce the penalty amount. He also said the hospital was lucky that OCR deemed the violations weren't due to willful neglect. "I have to say, being told in 2007 and 2008 that you need to encrypt your devices but not doing so until 2013, despite uncovering several data breaches in the interim, sure seems like willful neglect to me," Fader said. Fader also told Bloomberg BNA he was shocked that the hospital compounded its violations by apparently not taking the regulatory process seriously.

Related Professionals
New York, NY
T: (212) 297 2413