Unauthorized Disclosure of Patients’ Protected Health Information During “Boston Med” Filming Results in Multiple HIPAA Settlements Totaling $999,000

Today, the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it has reached separate settlements with Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH) for compromising the privacy of patients’ protected health information (PHI) by inviting film crews on premises to film “Boston Med,” an ABC television network documentary series, without first obtaining authorization from patients. Collectively, the three entities paid OCR $999,000 to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

This is the second HIPAA case involving an ABC medical documentary television series, the previous being OCR’s April 16, 2016 settlement with New York-Presbyterian Hospital in association with the filming of “NY Med.”

“Patients in hospitals expect to encounter doctors and nurses when getting treatment, not film crews recording them at their most private and vulnerable moments,” said Roger Severino, OCR director. “Hospitals must get authorization from patients before allowing strangers to have access to patients and their medical information.”

To resolve potential HIPAA violations, BMC has paid OCR $100,000, BWH has paid OCR $384,000, and MGH has paid OCR $515,000. Each entity will provide workforce training as part of a corrective action plan that will include OCR’s guidance on disclosures to film and media: http://www.hhs.gov/hipaa/for-professionals/faq/2023/film-and-media/index.html.

The respective Resolution Agreements and Corrective Action Plans may be found on the HHS website at:

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/bostonmed/index.html