Oklahoma State University Agrees to $875k HIPAA Breach Fine

A 2016 hacking incident that hit Oklahoma State University's Center for Health Sciences has led to an $875,000 HIPAA breach fine settlement to address potential violations. Background of Oklahoma State University HIPAA Breach Hackers first gained access to a web server containing the electronic protected health information (ePHI) of as many as 279,865 individuals on March 9, 2016. The information accessed included [...]

2023-04-06T13:59:01-04:00July 15th, 2022|

Dental Trio & Psych Practice Hit with Access, Privacy Fines

Following a winter of hibernation, the Department of Health and Human Services (HHS) regulators roared to life with the announcement of three settlements and one fine totaling more than $172,000 for violations of HIPAA’s Patient Right of Access and Privacy Rules. Each HIPAA dental fine, as well as the behavioral health fine, were issued for varying degrees of noncompliance. Monetary Penalties Assessed [...]

2023-04-06T13:59:31-04:00March 28th, 2022|

NY AG SHIELD UP! Vision Benefits Provider Settles Email Data Breach

In January of 2022, EyeMed Vision Care LLC, a New York vision benefits provider, settled an action brought by the New York State Attorney General against it for failing to implement adequate data security measures, including multifactor authentication, password management, and logging of email accounts.  These deficiencies resulted in a 2020 email data breach during which hackers accessed an EyeCare email account [...]

2023-04-06T13:59:54-04:00January 26th, 2022|

What’s the Civil Penalty for Unknowingly Violating HIPAA?

When a covered entity or business associate makes the HIPAA Wall of Shame for a significant breach or violation, it often results in huge fines. In some cases, the breaches and resulting fines resulted from organizations knowingly violating HIPAA regulations and just hoping they wouldn’t get caught. However, many violations and fines occur because people thought they were doing enough to be compliant. Do the regulators [...]

2023-04-10T11:19:51-04:00January 24th, 2022|

Hackensack Cancer Center Settles HIPAA Violations With New Jersey Attorney General

In December of 2021, the New Jersey Attorney General’s Division of Consumer Affairs, Office of Consumer Protection, settled a HIPAA enforcement action that it brought against Regional Cancer Care Associates (RCCA). RCCA is based in Hackensack, New Jersey, and has over 30 locations throughout New Jersey, Connecticut, Maryland, and the Washington DC area. RCCA treats cancer patients as well as patients with blood disorders. RCCA fell victim to [...]

2023-04-06T14:00:32-04:00December 23rd, 2021|

New Jersey State Attorney General Settles HIPAA Claims Against Printing Companies

In November of 2021, the New Jersey State Attorney General’s (AG) Office, Division of Consumer Affairs, settled 2 HIPAA claims, one HIPAA claim against Command Marketing Innovations (CMI), and another HIPAA claim against CMI’s business associate, Strategic Content Imaging, LLC (SCI). This $130,000 resolution settled each company’s potential HIPAA Security Rule and Privacy Rule violations. The printing companies were drummed into New Jersey court for having [...]

2023-04-06T14:00:34-04:00December 21st, 2021|

The Fines They Are A’Changin’: Lessons from 2021 HIPAA Fines

This year, the Department of Health and Human Services’ Office for Civil Rights (OCR) resolved 14 enforcement actions it had filed against healthcare providers, health plans, and clinical labs. OCR resolved all but one of these 13 through entering into a Settlement Agreement with the covered entity. In the remaining action, OCR imposed a civil monetary penalty on the provider. The lessons from 2021 HIPAA fines are three-fold: [...]

2023-04-06T14:00:35-04:00December 17th, 2021|

OCR Settles 5 HIPAA Right of Access Complaints

On November 30, 2021, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of five HIPAA right of access investigations. OCR settled four right of access complaints, with providers in Ohio, Colorado, Oregon and North Carolina. OCR imposed a civil monetary penalty (CMP) on a fifth provider, a cardiologist in Long Island (New Hyde Park), New York. OCR imposed a penalty [...]

2023-04-06T14:00:41-04:00December 3rd, 2021|

HHS Increases Civil Monetary Penalties for HIPAA Violations

Under federal government logic, when the cost of living goes up, the amounts of monetary penalties for violations of certain federal laws must go up too. So, in November of 2021, the Department of Health and Human Services announced that it was raising the civil monetary penalties for each of the four tiers of HIPAA violations. The new dollar values are discussed below. [...]

2023-04-06T14:00:42-04:00December 1st, 2021|

$130K State HIPAA Settlement Announced

Two printing companies settled with New Jersey over an incident that exposed protected medical and client information. Under the state HIPAA settlement, Command Marketing Innovations, LLC (CMI) and Strategic Content Imaging, LLC (SCI) agreed to pay a $130,000 fine and implement more robust security policies. Why Were They Fined? The incident that led up to the state HIPAA settlement occurred when the [...]

2023-04-06T14:00:45-04:00November 12th, 2021|