Why Were They Fined?
The incident that led up to the state HIPAA settlement occurred when the two printing and mailing companies, contracted by a healthcare organization, accidentally exposed the protected health information (PHI) of 55,715 when the companies failed to detect a printing error. As a result of the printing error, explanation of benefit summaries were mailed to the wrong recipients, including claims numbers, dates of service, provider and facility names, and the descriptions of services.
“Companies that handle sensitive personal and health information have a duty to protect patient privacy,” said Acting Attorney General of New Jersey Andrew J. Bruck. “Inadequate protective measures is unacceptable, and we will hold companies accountable if they bypass our laws, cut corners, and put privacy and security at risk.”
The companies agreed to pay $130,000 to settle allegations that the companies violated the New Jersey Consumer Fraud Act (CFA) and the Health Insurance Portability and Accountability Act (HIPAA).