Compliancy Group

Need a new search?

If you didn't find what you were looking for, try a new search!

Action Taken Against CHS: Multistate HIPAA Settlement Following C10P Ransomware Attack

Being in the healthcare industry, it is obvious that patient data security is extremely important. Unfortunately, not all healthcare providers take data security seriously, which can lead to devastating consequences. One such case is the Community Health Systems (CHS) C10P Ransomware attack, which affected millions of patients and resulted in a multistate HIPAA settlement. ​​No one is protected from HIPAA violation double [...]

2024-07-15T14:08:09-04:00April 4th, 2023|

$130K State HIPAA Settlement Announced

Two printing companies settled with New Jersey over an incident that exposed protected medical and client information. Under the state HIPAA settlement, Command Marketing Innovations, LLC (CMI) and Strategic Content Imaging, LLC (SCI) agreed to pay a $130,000 fine and implement more robust security policies. Why Were They Fined? The incident that led up to the state HIPAA settlement occurred when the [...]

2024-07-15T14:21:54-04:00November 12th, 2021|

Attorney General HIPAA Settlement Reached For Improper Disposal of ePHI

The Wakefern Food Corp., and two of its ShopRite supermarkets, have reached an Attorney General HIPAA settlement with the state of New Jersey and the New Jersey Division of Consumer Affairs. But what led to the Attorney General HIPAA settlement? More details are discussed below. Attorney General HIPAA Settlement for HIPAA Violations In 2016, Wakefern replaced devices in the pharmacies of two [...]

2024-07-15T14:27:55-04:00November 5th, 2020|

CHS Reaches Multistate HIPAA Settlement After OCR Fine

After reaching a HIPAA settlement for extensive HIPAA violations, Community Health Systems reached another settlement with 28 states. Additional details of the multistate HIPAA settlement are described below. What is a Multistate HIPAA Settlement? There’s no right against HIPAA double jeopardy. In other words, OCR may fine a covered entity or business associate for noncompliance. At the same time, before, or after, [...]

2024-07-15T14:27:59-04:00October 14th, 2020|

HIPAA Settlement Reached with Gastroenterological Sole Practitioner

The Department of Health and Human Services’ (HHS) Office for Civil rights (OCR) issued the first HIPAA settlement for 2020. Steven A. Porter, M.D., a gastroenterological sole practitioner, has agreed to pay $100,000 to the OCR for HIPAA violations. On November 21, 2013, Steven A. Porter, M.D. filed a breach report with the OCR claiming that their business associate (BA), Elevation43, was withholding the Practice’s [...]

2024-07-15T14:38:42-04:00March 3rd, 2020|

$3 Million HIPAA Settlement Reached for Lack of Device Encryption

The Office for Civil Rights (OCR) issued a press release on November 5, 2019 discussing a $3 million HIPAA settlement reached with the University of Rochester Medical Center (URMC). URMC filed two separate breach reports in 2013 and 2017, both in reference to unencrypted devices that stored protected health information (PHI). The healthcare breaches stemmed from the loss of an unencrypted flash drive and the theft of an [...]

2024-07-15T14:51:49-04:00November 7th, 2019|

Mount Sinai-St. Luke’s Pays $387K HIPAA Settlement for Privacy Violation

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has levied a $387,200 HIPAA settlement against St. Luke's-Roosevelt Hospital Center for unlawful disclosure of patient data. OCR was alerted to the breach in September of 2014. A patient at the Institute for Advanced Medicine (formerly the Spencer Cox Center for Health) reported that a staff member disclosed the patient's protected health information (PHI) to the [...]

2024-07-15T15:29:05-04:00May 25th, 2017|

Cornell Prescription Pharmacy (Denver, CO), $125,000 HIPAA Settlement

Cornell Prescription Pharmacy (Denver, CO) $125,000 HIPAA Settlement On April 27, 2015, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) handed down a $125,000 settlement to a small, single-location pharmacy based out of Denver, Colorado called Cornell Prescription Pharmacy. This case proved landmark in the history of HIPAA enforcement because of OCR's decision to investigate such a small-scale data breach on [...]

2023-10-25T22:05:43-04:00October 6th, 2016|

Six Risk Assessments Fail to Prevent $2.7 Million HIPAA Settlement

Oregon Health and Science University (OHSU) reached a settlement with OCR earlier in July for $2.7 million. The organization had executed six risk analysis over the course of 10 years, but the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) found that those risk assessments did not constitute a sufficient HIPAA compliance plan. This case should be a clear sign to healthcare professionals that [...]

2024-07-15T15:29:22-04:00July 21st, 2016|

$2.7 Million HIPAA Settlement Reached with OHSU After Repeated HIPAA Violations

Oregon Health and Science University (OHSU) has reached a settlement with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) for $2.7 million. The HIPAA settlement comes after two separate data breaches were reported to OCR dating back to 2013. Combined, these breaches affected more than 7,000 patients. The first breach was caused by a laptop theft. A surgeon was vacationing [...]

2024-07-15T15:29:23-04:00July 15th, 2016|