Court Sends OCR back to the Drawing Board on HIPAA Enforcement

January 21, 2021


Interesting ruling by the 5th Circuit US Court of Appeals out of Louisiana. They vacated a $4.3M HIPAA penalty against MD Anderson Cancer Center. What does this mean?

In a ruling that could have a profound impact on HIPAA enforcement, a U.S. Court of Appeals has vacated a $4.3 million HIPAA civil monetary penalty levied by federal regulators against the University of Texas MD Anderson Cancer Center in the wake of three breaches involving unencrypted mobile devices. The court called the penalty “arbitrary, capricious and contrary to law.”

Among the reasons for vacating the penalty, the court noted that MD Anderson at the time of the incidents had in place a “mechanism” to encrypt PHI on mobile devices, but three employees failed to use the encryption control before the laptop and two USB drives vanished.

The court also criticized how HHS calculated the financial penalty.

“The ruling undermines the entire OCR enforcement approach, indicating that it is arbitrary and capricious for OCR to select a few cases for financial enforcement if the result is that similar fact patterns are enforced differently.”


© Copyright 2021 Health Lyrics All rights reserved