3 Lessons From Mass. Hospital’s HIPAA Settlement

Last month, the U.S. Department of Health and Human Services Office for Civil Rights announced that it had entered into a settlement agreement with St. Elizabeth’s Medical Center (SEMC) in Brighton, Massachusetts. Pursuant to the nonadmission settlement, SEMC agreed to pay $218,400 and enter into a one-year corrective action plan (CAP) to settle allegations that its employees violated the HIPAA Security Rule by, among other things, storing electronic protected health information in a cloud document-sharing application.