Resource:
Loss Scenario: PHI Sent to Storage Facility Never Arrived
Learn the risks a health care organization loss scenario can present, and how Chubb can save you time, money and liability.
DESCRIPTION OF EVENT
A medical imaging center stored mammogram files on site and routinely sent both hard and/or electronic copies of patients’ image reports to their corresponding physician’s offices when requested. After sending a bulk shipment containing files and corresponding protected health information (PHI) for 2,000 patients to storage, it was discovered that the imaging files never arrived at the storage facility. The imaging facility reported the privacy breach to Health & Human Services (HHS) as required under the Health Information Technology for Economic and Clinical Health (HITECH) Act since more than 500 individuals’ PHI was involved in the incident.
RESOLUTION
The imaging center incurred $95,000 in expenses in connection with notification, identity monitoring, health record restoration services, and independent counsel fees. It also incurred approximately $100,000 in legal defense costs and $175,000 in fines and penalties after a regulatory investigation by HHS found that the imaging facility did not encrypt the mammogram imaging files or have proper safeguards in place to otherwise protect the security of the PHI contained in the files.
Could this happen to your organization? Contact your trusted Chubb agent or broker.
