A 2016 hacking incident that hit Oklahoma State University's Center for Health Sciences has led to an $875,000 HIPAA breach fine settlement to address potential violations. Background of Oklahoma State University HIPAA Breach Hackers first gained access to a web server containing the electronic protected health information (ePHI) of as many as 279,865 individuals on March 9, 2016. The information accessed included [...]
Following a winter of hibernation, the Department of Health and Human Services (HHS) regulators roared to life with the announcement of three settlements and one fine totaling more than $172,000 for violations of HIPAA’s Patient Right of Access and Privacy Rules. Each HIPAA dental fine, as well as the behavioral health fine, were issued for varying degrees of noncompliance. Monetary Penalties Assessed [...]
In January of 2022, EyeMed Vision Care LLC, a New York vision benefits provider, settled an action brought by the New York State Attorney General against it for failing to implement adequate data security measures, including multifactor authentication, password management, and logging of email accounts. These deficiencies resulted in a 2020 email data breach during which hackers accessed an EyeCare email account [...]
When a covered entity or business associate makes the HIPAA Wall of Shame for a significant breach or violation, it often results in huge fines. In some cases, the breaches and resulting fines resulted from organizations knowingly violating HIPAA regulations and just hoping they wouldn’t get caught. However, many violations and fines occur because people thought they were doing enough to be compliant. Do the regulators [...]
In December of 2021, the New Jersey Attorney General’s Division of Consumer Affairs, Office of Consumer Protection, settled a HIPAA enforcement action that it brought against Regional Cancer Care Associates (RCCA). RCCA is based in Hackensack, New Jersey, and has over 30 locations throughout New Jersey, Connecticut, Maryland, and the Washington DC area. RCCA treats cancer patients as well as patients with blood disorders. RCCA fell victim to [...]
In November of 2021, the New Jersey State Attorney General’s (AG) Office, Division of Consumer Affairs, settled 2 HIPAA claims, one HIPAA claim against Command Marketing Innovations (CMI), and another HIPAA claim against CMI’s business associate, Strategic Content Imaging, LLC (SCI). This $130,000 resolution settled each company’s potential HIPAA Security Rule and Privacy Rule violations. The printing companies were drummed into New Jersey court for having [...]
This year, the Department of Health and Human Services’ Office for Civil Rights (OCR) resolved 14 enforcement actions it had filed against healthcare providers, health plans, and clinical labs. OCR resolved all but one of these 13 through entering into a Settlement Agreement with the covered entity. In the remaining action, OCR imposed a civil monetary penalty on the provider. The lessons from 2021 HIPAA fines are three-fold: [...]
On November 30, 2021, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of five HIPAA right of access investigations. OCR settled four right of access complaints, with providers in Ohio, Colorado, Oregon and North Carolina. OCR imposed a civil monetary penalty (CMP) on a fifth provider, a cardiologist in Long Island (New Hyde Park), New York. OCR imposed a penalty [...]
Under federal government logic, when the cost of living goes up, the amounts of monetary penalties for violations of certain federal laws must go up too. So, in November of 2021, the Department of Health and Human Services announced that it was raising the civil monetary penalties for each of the four tiers of HIPAA violations. The new dollar values are discussed below. [...]
Two printing companies settled with New Jersey over an incident that exposed protected medical and client information. Under the state HIPAA settlement, Command Marketing Innovations, LLC (CMI) and Strategic Content Imaging, LLC (SCI) agreed to pay a $130,000 fine and implement more robust security policies. Why Were They Fined? The incident that led up to the state HIPAA settlement occurred when the [...]
© 2023 Compliancy Group LLC. All Rights Reserved | Terms of Use | Privacy Policy
