DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Careless handling of HIV information jeopardizes patient’s privacy, costs St. Luke’s-Roosevelt Hospital Center $387k

Posted on May 23, 2017 by Dissent

The U.S. Department of Health & Human Services(HHS), Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on impermissible disclosure of protected health information (PHI). St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid HHS $387,200 to settle potential violations of the HIPAA Privacy Rule and agreed to implement a comprehensive corrective action plan. St. Luke’s operates the Institute for Advanced Medicine, formerly Spencer Cox Center for Health (the Spencer Cox Center), which provides comprehensive health services to persons living with HIV or AIDS and other chronic diseases. St. Luke’s is 1 of 7 hospitals that comprise the Mount Sinai Health System (MSHS).

In September 2014, OCR received a complaint alleging that a staff member from the Spencer Cox Center impermissibly disclosed the complainant’s PHI to the complainant’s employer. This impermissible disclosure included sensitive information concerning HIV status, medical care, sexually transmitted diseases, medications, sexual orientation, mental health diagnosis, and physical abuse. OCR’s subsequent investigation revealed that staff at the Spencer Cox Center impermissibly faxed the patient’s PHI to his employer rather than sending it to the requested personal post office box. Additionally, OCR discovered that the Spencer Cox Center was responsible for a related breach of sensitive information that occurred nine months prior to the aforementioned incident but had not addressed the vulnerabilities in their compliance program to prevent impermissible disclosures.

The Resolution Agreement and Corrective Action Plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/StLukes/index.html

SOURCE: HHS

Related posts:

  • HIPAA Security Rule Facility Access Controls – What are they and how do you implement them?
  • HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
  • HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
  • HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000
Category: Health DataOf NoteU.S.

Post navigation

← Medical device containing patient information stolen from DePaul Hospital
1.5 million students’ data leaked online, put up for sale for up to Rs60,000 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
  • Senator Chides FBI for Weak Advice on Mobile Security
  • Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
  • Kelly Benefits updates its 2024 data breach report: impacts 550,000 customers
  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban
  • 20 States Sue HHS to Stop Medicaid Data Sharing with ICE
  • Kids are making deepfakes of each other, and laws aren’t keeping up
  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.