MD Anderson wins appeal of $4.3 million HIPAA penalty

February 4, 2021 Laura Hale Brockway

In 2017, the University of Texas MD Anderson Cancer Center was assessed $4.3 million in penalties for violating HIPAA. The penalties were the result of an investigation by the HHS Office for Civil Rights (OCR) that occurred after MD Anderson reported three data breaches involving the theft of an unencrypted laptop and the loss of two unencrypted USB thumb drives.

MD Anderson appealed the OCR’s decision, and on January 15, 2021, the Fifth Circuit Court of Appeals vacated the penalty.

“The Fifth Circuit disagreed with OCR’s (and the ALJ’s) interpretation of both the encryption and disclosure provisions, and also determined that the penalty issued by the agency was ‘arbitrary, capricious, and otherwise unlawful,’” according to an article on the JD Supra website.

Read more about the Firth Circuit Court’s decision, and its possible effects on OCR investigations going forward.

About the Author

Laura Hale Brockway is the Vice President of Marketing at TMLT. She can be reached at

Visit Website More Content by Laura Hale Brockway
Previous Article
Winter storm update: Recovering damaged records
Winter storm update: Recovering damaged records

If you experienced an IT system failure or other damage from the winter storms, read about recovering damag...

Next Article
COVID-19 vaccination — Resources for physicians
COVID-19 vaccination — Resources for physicians

TMLT risk managers urge physicians to stay up-to-date on COVID-19 vaccination information.

Discover the 5 things that get physicians sued

Take Me There