MD Anderson wins appeal of $4.3 million HIPAA penalty

February 4, 2021 Laura Hale Brockway

In 2017, the University of Texas MD Anderson Cancer Center was assessed $4.3 million in penalties for violating HIPAA. The penalties were the result of an investigation by the HHS Office for Civil Rights (OCR) that occurred after MD Anderson reported three data breaches involving the theft of an unencrypted laptop and the loss of two unencrypted USB thumb drives.

MD Anderson appealed the OCR’s decision, and on January 15, 2021, the Fifth Circuit Court of Appeals vacated the penalty.

“The Fifth Circuit disagreed with OCR’s (and the ALJ’s) interpretation of both the encryption and disclosure provisions, and also determined that the penalty issued by the agency was ‘arbitrary, capricious, and otherwise unlawful,’” according to an article on the JD Supra website.

Read more about the Firth Circuit Court’s decision, and its possible effects on OCR investigations going forward.

About the Author

Laura Hale Brockway is the Vice President of Marketing at TMLT. She can be reached at laura-brockway@tmlt.org.

Visit Website More Content by Laura Hale Brockway
Previous Article
Remote patient monitoring — Risk management considerations
Remote patient monitoring — Risk management considerations

Factors to consider when using remote patient monitoring.

Next Article
Law enforcement exceptions to HIPAA
Law enforcement exceptions to HIPAA

If you suspect one of your patients may harm himself or others, can you report your suspicions to the polic...

Podcast: Tech, Telemedicine, Tomorrow

LISTEN