Filming for TV Show Results in HIPAA Violation and $2.2 Million Settlement Paid by New York Presbyterian Hospital
It’s not uncommon for “covered entities” such as hospitals and health systems to violate the Privacy Rule under the Health Insurance Portability and Protection Act of 1996 (“HIPAA”). A stolen laptop or misplaced file can expose information that should be protected. Rarely, however, does a violation arise from the filming of a television show. But that’s exactly what happened in the case of New York Presbyterian Hospital (“NYP”), which recently entered into a settlement with the Department of Health and Human Services, Office for Civil Rights (“OCR”) for $2.2 million.
NYP allowed “NY Med,” an ABC television series, to film on-site without first obtaining patient authorization. OCR explained in a news release that NYP allowed the show to film someone who was dying and another in distress, even after being asked to stop by a medical professional. OCR characterized the disclosures as “egregious” and stated that by revealing the patients’ protected health information (PHI), NYP’s actions “blatantly violate the HIPAA Rules.”
OCR also found that NYP failed to safeguard PHI by allowing the film crew “virtually unfettered” access to its facility. In addition to the $2.2 million payment, as part of the settlement OCR will monitor NYP for two years to help ensure NYP remains compliant with its HIPAA obligations.
This settlement is an important reminder to HIPAA covered entities and their business associates regarding the proper care and safeguarding of PHI. Certainly covered entities should think twice about allowing film crews into their facilities. If they do, the environments in which they film must be tightly controlled. As a starting point, covered entities should carefully review the FAQ sheet issued by OCR addressing situations involving media access to PHI.
To avoid investigations, fines and other negative consequences, it is critical for covered entities to ensure their policies and procedures are in compliance with HIPAA’s requirement.
Share
Categories
- National Labor Relations Board
- Compliance
- Financing
- Tax Disputes
- Department of Labor
- Alerts and Updates
- Insurance
- Entity Selection, Organization & Planning
- Intellectual Property
- Lawsuit
- Cybersecurity
- HIPAA
- Copyright
- Licensing
- Contracts
- Technology
- Employee Benefits
- Startup
- Retirement
- Billing/Payment
- Did you Know?
- Inspirational
- Legislative Updates
- Hospice
- Digital Assets
- Domain Name Registration
- Social Media
- Hospitals
- Personal Publicity Rights
- Privacy
- Corporate Transparency Act (CTA)
- Entity Planning
- Regulations
- Trade Secrets
- Defamation
- Chapter 11
- News
- Artificial Intelligence (AI)
- Electronic Health Records
- Trademarks
- Patents
- Crowdfunding
- Employment
- IT Contracts
- Liability
- Sales/Disputes
- Fraud & Abuse
- Sales Tax
- Cloud Computing
- Criminal
- Mergers & Acquisitions
- Venture Capital/Funding
- Distribution
- E-Commerce
- Tax
- Labor Relations