Published July, 2017
Settlement Agreement Between the U.S. Department of Health and Human Services and St. Luke's Roosevelt Hospital Center, Inc., Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (May 2017)
St. Luke’s - Roosevelt Hospital Center (“St. Luke’s”), located in New York City, entered into a Resolution Agreement, dated May 8, 2017 (the “Agreement”) with the U.S. Department of Health and Human Services (“HHS”), to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule (the “Rule”). The goal of the Rule is to assure that an individual’s health information is protected while allowing that information to be disclosed under certain conditions. The Agreement was related to disclosure of the private health information (“PHI”) of two patients by staff of St. Luke’s Institute for Advanced Medicine, formerly the Spencer Cox Center for Health.
The “impermissible disclosures,” about HIV, AIDS and mental health, were “egregious.” The Corrective Action Obligations in the Agreement require St. Luke’s to: (1) pay HHS $387,200; (2) review and revise as necessary the hospital’s policies and procedures regarding use and disclosure of PHI; (3) distribute all related HIPPA policies and procedures to its workforce, and (4) review and revise training materials on PHI as necessary.
Copyright Information: CHLP encourages the broad use and sharing of resources. Please credit CHLP when using these materials or their content. and do not alter, adapt or present as your work without prior permission from CHLP.
Legal Disclaimer: CHLP makes an effort to ensure legal information is correct and current, but the law is regularly changing, and the accuracy of the information provided cannot be guaranteed. The legal information in a given resource may not be applicable to all situations and is not—and should not be relied upon—as a substitute for legal advice.