News & Insights

$475,000 HIPAA Settlement for Hospital’s Untimely Reporting of Breach

February 15, 2017

$475,000 HIPAA Settlement for Hospital’s Untimely Reporting of Breach

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first HIPAA settlement resulting from a hospital’s untimely reporting of a breach of unsecured protected health information (PHI). The breach stemmed from missing paper-based OR schedules containing PHI at Presence Health of Joliet, Illinois. Because the hospital failed to notify the 836 affected individuals and the OCR, Presence Health agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. To read the original announcement, click here.

While this specific case highlights paper-based theft, the risk of a cyber breach is becoming all the more realistic – especially in a world of electronic health record keeping. Past issues of The LINK and The Central Line have exposed readers to the concepts of whale phishing, meatware and medjacking. In light of the incident above, it’s time to start thinking seriously about your protection.

LAMMICO includes Medefense™ Plus/Cyber Liability insurance in most policies and offers the option to purchase higher limits of protection through our subsidiary agency, Elatas Risk Partners.

To learn more or to obtain a quote for higher limits of protection against cyber-crime or other exposures that could lead to severe civil fines and penalties, contact Carly Thames, Elatas Risk Partners Account Executive, at 225.906.2062 or

Recommended Reading For You

LAMMICO Recognizes Sen. Donald Elliott Hines, M.D.

Read More

Guidance on Disposing of Electronic Devices and Media

Read More

Medical Data is Top Target of Hackers

Read More


Annual Reports:

Receive Regular Updates: