Social Media Disclosure of NFL Player's PHI (and Other Violations) Lead to $2.15 Million in HIPAA Penalties | Practical Law
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced that a Florida hospital system must pay more than $2.15 million in civil money penalties for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Among other violations, the action resulted from employees' improper access to an NFL player's protected health information (PHI). The player's PHI was then leaked to multiple media outlets and posted on Twitter by a reporter, causing financial and reputational harm to the player.