New Record for HIPAA Settlement hits $4.8 Million
Jamie Scott

New York and Presbyterian Hospital (“Presbyterian”) and Columbia University (“Columbia”) are affiliated as the New York Presbyterian Hospital/Columbia University Medical Center.  According to a recent report published by the HHS Office of Civil Rights (“OCR”), Presbyterian and Columbia are separate covered entities under which Columbia faculty members serve as attending physicians at Presbyterian. Presbyterian and Columbia operate a shared data network and a shared network firewall that links to Presbyterian patient information systems.

The OCR investigation found that a physician employed by Columbia attempted to deactivate a personally owned computer server on the network. Something went terribly wrong, because deactivation of the server resulted in the electronic PHI of 6,800 individuals being accessible on internet search engines. The potential disclosure included patient status, vital signs, medications and lab results.

In order to resolve the HIPAA violation with OCR, Presbyterian has agreed to a settlement amount of $3,300,000 and Columbia has agreed to an additional payment of $1,500,000. In addition, each agreed to take other corrective actions. This is the largest HIPAA settlement to date for a single event. The Resolution Agreements containing more details can be found here and here.
