Tuesday, March 25, 2014

HIPAA Violation Leads To $4.1 Million Judgment Based On State Law

A protected health information (PHI) breach that violated HIPAA may now result in the same facility paying out an additional $4.1 million for violations of state privacy laws.

According to a recent article in Healthcare IT News, a Los Angeles County Superior Court judge has approved the class action settlement that asserts Stanford Hospital and Clinics violated California's Confidentiality of Medical Information Act. The settlement stems from a 2010 breach that involved the posting of the PHI of nearly 20,000 patients to a student website. The information remained on the public website for almost 1 year, and contained patient names and diagnoses.

The Healthcare IT article reports that this was the fifth in a string of HIPAA breaches connected with the facility that affected the PHI of more than 92,000 patients. Of the 5 breaches, 4 involved the theft of unencrypted company laptops.

HIPAA rules can be complex, but the consequences of not understanding them can be serious. APTA provides resources on compliance on APTA's HIPAA webpage.