The Office for Civil Rights (OCR) has reached a $125,000 settlement with Allergy Associates of Hartford, P.C. for a HIPAA violation dating back to February 2015.

According to the agency, who released a statement on November 26, the violation occurred when an Allergy Associates’ patient contacted a local television station to discuss a dispute that occurred with a doctor of the practice. Following the conversation, a reporter contacted the doctor, who responded to the dispute allegations by impermissibly disclosing that patient’s protected health information.

After the OCR investigated the potential HIPAA violation, they ruled the statements made by the doctor demonstrated “a reckless disregard for the patient’s privacy.” The investigation also revealed that the doctor had been instructed by the organization’s Privacy Officer to not respond to the reporter’s request for comment, or to simply respond with “no comment.”

In addition to the discoveries made during the investigation, OCR found that following the incident, no corrective action plan was implemented, and no disciplinary action was taken against the doctor for his misconduct.

Not only will Allergy Associates have to pay the settlement, but they will also have to adopt a corrective action plan, which will include two years of monitoring their HIPAA compliance.

Allergy Associates is a small practice with three doctors across four locations. This incident illustrates that fines don’t just hit large organizations when hundreds of patient records are exposed. This data breach involved the inappropriate disclosure of a single individual’s information by a small practice and serves as an important reminder that organizations of all sizes are subject to large fines and penalties.


The post Allergy practice pays $125,000 for doctor’s inappropriate disclosure of PHI appeared first on HIPAA Secure Now!.