On September 20, 2018, an oversite led to a massive Protected Health Information (PHI) breach that resulted in multiple HIPAA settlements totaling almost one million dollars, $999,000, to be exact. Separate settlements have been reached with three separate hospitals after film crews had been invited to the premises to film a documentary series for ABC television network.

This is not the first time that hospitals have been in trouble for disclosing patient PHI while ABC filmed an episode in their facilities. The first case of this was in April of 2016. In this case, New York-Presbyterian was required to reach a settlement based off of the PHI that was exposed in the show “NY Med.”

Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH) were the three hospitals involved. These hospitals allowed film crews to come in and record without getting any form of authorization from their patients. The extent of PHI exposed by each was different so all of them reached different settlements. Boston Medical Center settled for $100,000 because they failed to request authorization from their patients. Although Brigham and Women’s Hospital notified their patients and asked for authorization, they still settled for $384,000. They were still in violation of disclosing PHI because, based off of the timing that they received some of their written patient authorizations, they still impermissibly disclosed patient’s PHI to the ABC employees during the production and filming of the documentary. Lastly, Massachusetts General Hospital reached the largest settlement of the three, at a whopping $515,000. They ran into the same predicament as Brigham and Women’s Hospital because while they did ask for patient authorization, they did not do so in an appropriate amount of time.

Along with the financial repercussions that each hospital faces, they are also required to follow an action plan. The Department of Health and Human Services is requiring each hospital to provide “workforce training as part of a corrective action plan that will include OCR’s guidance on disclosures to film and media.” There are very strict rules regarding film and media outlined on the Health and Human Services website.

Be sure your organization knows these rules and other HIPAA compliance standards to protect your patients’ information. Start using HIPAAgps today to learn more about HIPAA compliance and to access a simple, online system for help with HIPAA.