Skip to main content
Toggle Menu of ADA WebSites
ADA Websites
Toggle Search Area
Toggle Menu
e-mail Print Share

Office for Civil Rights announces $3.2 million penalty

February 15, 2017 Washington — The U.S. Department of Health and Human Services Office for Civil Rights said Feb. 1 that it had finalized a $3.2 million civil money penalty against the Children's Medical Center of Dallas following multiple alleged Health Insurance Portability and Accountability Act violations between 2009-13.

On Jan. 18, 2010, Children's filed a breach report with OCR "indicating the loss of an unencrypted, non-password protected BlackBerry device" that contained the electronic personal health information of approximately 3,800 individuals. On July 5, 2013, Children's filed a separate HIPAA Breach Notification Report "reporting the theft of an unencrypted laptop" containing the electronic personal health information of 2,462 individuals.

OCR said its investigation revealed "Children's noncompliance with HIPAA Rules, specifically, a failure to implement risk management plans, contrary to prior external recommendations to do so, and a failure to deploy encryption or an equivalent alternative measure on all of its laptops, work stations, mobile devices and removable storage media until April 9, 2013."

Information about OCR's enforcement process, and other incidents that OCR has investigated, is available on the HHS website here.
ADA HIPAA resources can be found online in the Center for Professional Success or the ADA Catalog.