MD Anderson wins appeal of $4.3 million HIPAA penalty

February 4, 2021 Laura Hale Brockway

In 2017, the University of Texas MD Anderson Cancer Center was assessed $4.3 million in penalties for violating HIPAA. The penalties were the result of an investigation by the HHS Office for Civil Rights (OCR) that occurred after MD Anderson reported three data breaches involving the theft of an unencrypted laptop and the loss of two unencrypted USB thumb drives.

MD Anderson appealed the OCR’s decision, and on January 15, 2021, the Fifth Circuit Court of Appeals vacated the penalty.

“The Fifth Circuit disagreed with OCR’s (and the ALJ’s) interpretation of both the encryption and disclosure provisions, and also determined that the penalty issued by the agency was ‘arbitrary, capricious, and otherwise unlawful,’” according to an article on the JD Supra website.

Read more about the Firth Circuit Court’s decision, and its possible effects on OCR investigations going forward.

About the Author

Laura Hale Brockway is the Vice President of Marketing at TMLT. She can be reached at laura-brockway@tmlt.org.

Visit Website More Content by Laura Hale Brockway
Previous Article
Guidelines for the release of medical records
Guidelines for the release of medical records

It is imperative to have a system in place that allows the release of complete, legible, and organized reco...

Next Article
Release of medical records webinar — key takeaways and resources
Release of medical records webinar — key takeaways and resources

A summary from the webinar “Release of medical records: Review of hot topics” presented on May 26, 2020.