Privacy & Security

Lincare to pay $240,000 HIPAA fine over handling of protected health information

Employees of the company routinely took documents from its offices to work in patients' homes.
By Bernie Monegain
February 08, 2016
09:28 AM

Respiratory care provider Lincare has been ordered to pay $239,800 in penalties for violating the HIPAA Privacy Rule.

An administrative law judge ruled in favor of the Office for Civil Rights, which is charged with enforcing the rule. OCR had asked the judge to approve the penalties, and the judge granted them on all issues, the agency announced on February 3.

[Also: Obama gun control push leads HHS to change HIPAA rule]

"While OCR prefers to resolve issues through voluntary compliance, this case shows that we will take the steps necessary, including litigation, to obtain adequate remedies for violations of the HIPAA Rules," OCR Director Jocelyn Samuels, said in a press statement. "The decision in this case validates the findings of our investigation." 

Lincare claimed it had not violated HIPAA rules because the protected health information was "stolen" by the individual who discovered it on the premises previously shared with the Lincare employee. The judge rejected this argument.

Lincare provides respiratory care, infusion therapy and medical equipment to in-home patients. The company operates more than 850 branch locations in 48 states. 

[Also: Oncology group slapped with $750K HIPAA fine]

OCR's investigation of Lincare began after the agency received a complaint that a Lincare employee left behind documents containing the protected health information of 278 patients after moving to another home.

According to OCR, the employee removed patients' information from Lincare's office, left it exposed where an unauthorized person had access, and then abandoned it altogether. 

[Like Healthcare IT News on Facebook]

The OCR investigation found that Lincare had inadequate policies and procedures in place to safeguard patient information that was taken off site, although employees, who worked in patients' homes, routinely removed PHI from Lincare offices. Moreover, evidence revealed Lincare had an unwritten policy requiring certain employees to store protected health information in their own vehicles for extended periods.

Even when Lincare was aware of the complaint and the OCR investigation, the company "took only minimal action to correct its policies and strengthen safeguards to ensure compliance with the HIPAA Rules," OCR officials stated.

Twitter: @HealthITNews

Topics: 
Privacy & Security

More regional news

Nurses review a patient record on a digital tablet

All private hospitals in Singapore to connect to national EMR

By
Adam Ang
November 20, 2024
Dr. Mehmet Oz

Trump picks Dr. Mehmet Oz to head CMS

By
Susan Morse
November 20, 2024
Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock

OIG again deems HHS' infosec program ineffective

By
Andrea Fox
November 20, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective

Most Read

Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM
Sens. Warner & Wyden seek healthcare cybersecurity mandates in new bill

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards
Dr. Jay Anders at Medicomp Systems_Computer chip with stethoscope Photo by Just_Super/iStock/Getty Images Plus
Transparency and responsible AI are crucial for medical devices

More Stories

Clinicians look at diagnostic imaging
American College of Radiology launches AI quality registry
A doctor with glasses sits at a desk and speaks during a telehealth visit.
DEA and HHS extend virtual prescribing for controlled substances through 2025
Dr. Jay Anders at Medicomp Systems_Computer chip with stethoscope Photo by Just_Super/iStock/Getty Images Plus
Transparency and responsible AI are crucial for medical devices
George Pappas of Intraprise Health on cybersecurity
How to protect telemedicine from cyberattacks
Doctor talking notes while talking to a tablet
Modernizing acute care: the economic impact of bedside telehealth
A pharmacist reviewing a digital record
Blooms The Chemist integrates Healthengine and more...
Lee Kim at HIMSS_Global Health Equity Week 2024
AI can be leveraged to improve cybersecurity and health equity
HIMSSCast logo
HIMSSCast: Caregiver input needed for allocation of investment dollars