MD Anderson wins appeal of $4.3 million HIPAA penalty

In 2017, the University of Texas MD Anderson Cancer Center was assessed $4.3 million in penalties for violating HIPAA. The penalties were the result of an investigation by the HHS Office for Civil Rights (OCR) that occurred after MD Anderson reported three data breaches involving the theft of an unencrypted laptop and the loss of two unencrypted USB thumb drives.

MD Anderson appealed the OCR’s decision, and on January 15, 2021, the Fifth Circuit Court of Appeals vacated the penalty.

“The Fifth Circuit disagreed with OCR’s (and the ALJ’s) interpretation of both the encryption and disclosure provisions, and also determined that the penalty issued by the agency was ‘arbitrary, capricious, and otherwise unlawful,’” according to an article on the JD Supra website.

Read more about the Firth Circuit Court’s decision, and its possible effects on OCR investigations going forward.

About the Author

Laura Hale Brockway is the Vice President of Marketing at TMLT. She can be reached at laura-brockway@tmlt.org.

More Content by Laura Hale Brockway
Previous Article
In memory: John Raymond Lomenzo
In memory: John Raymond Lomenzo

We are sad to announce the passing of John Raymond Lomenzo, TMLT’s first president.

Next Article
Telemedicine: Patient selection and meeting the standard of care
Telemedicine: Patient selection and meeting the standard of care

Risk factors and guidelines for telemedicine appointments