HIPAA Fines Directory by Year 2018-03-28T12:23:58+00:00

HIPAA Fines Listed by Year

2018 HIPAA Fines

Date Organization Fine Total Link to OCR Settlement
February 1, 2018 Fresenius Medical Care North America (FMCNA) $3,500,000 Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules
February 13, 2018  Filefax, Inc.  $100,000  Consequences for HIPAA violations don’t stop when a business closes
 2018 TOTAL: $3,600,000

2017 HIPAA Fines

Date Organization Fine Total Link to OCR Settlement
January 9, 2017 Presence Health $475,000 First HIPAA enforcement action for lack of timely breach notification settles for $475,000
January 18, 2017 MAPFRE $2,200,000 HIPAA settlement demonstrates importance of implementing safeguards for ePHI
February 1, 2017 Children’s Medical Center of Dallas $3,200,000 Lack of timely action risks security and costs money
February 16, 2017 Memorial Healthcare Systems $5,500,000 $5.5 million HIPAA settlement shines light on the importance of audit controls
April 12, 2017 Metro Community Provider Network (MCPN) $400,000 Overlooking risks leads to breach, $400,000 settlement
April 20, 2017 The Center for Children’s Digestive Health (CCDH) $31,000 No Business Associate Agreement?  $31K Mistake
April 24, 2017 CardioNet $2,500,000 $2.5 million settlement shows that not understanding HIPAA requirements creates risk
May 10, 2017 Memorial Hermann Health System (MHHS) $2,400,000 Texas health system settles potential HIPAA violations for disclosing patient information
 May 23, 2017  St. Luke’s Roosevelt Hospital System Inc.  $387,200 Careless handling of HIV information jeopardizes patient’s privacy, costs entity $387k
 December 18, 2017  21st Century Oncology  $2,300,000 $2.3 Millon Levied for Multiple HIPAA Violations at NY-Based Provider
 2017 TOTAL: $19,393,200

2016 HIPAA Fines

Date Organization Fine Total Link to OCR Settlement
February 3, 2016 Lincare, Inc. $239,800 Administrative Law Judge rules in favor of OCR enforcement, requiring Lincare, Inc. to pay $239,800
February 16, 2016 Physical Therapy $25,000 Physical therapy provider settles violations that it impermissibly disclosed patient information
March 16, 2016 North Memorial $1,550,000 $1.55 million settlement underscores the importance of executing HIPAA business associate agreements
March 17, 2016 Feinstein Research $3,900,000 Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement
 April 20, 2016 Raleigh Orthopaedic $750,000 $750,000 settlement highlights the need for HIPAA business associate agreements
April 21, 2016 New York Presbyterian $2,200,000 Unauthorized Filming for “NY Med” Results in $2.2 Million Settlement with New York Presbyterian Hospital
June 29, 2016 Catholic Health Services of Philadelphia $650,000 Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI Leads to $650,000 HIPAA Settlement
July 18, 2016 Oregon Health & Science University $2,700,000 Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University
July 21, 2016 Univeristy of Mississippi Medical Center $2,750,000 Multiple alleged HIPAA violations result in $2.75 million settlement with the University of Mississippi Medical Center (UMMC)
August 4, 2016 Advocate Health $5,550,000 Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million
September 23, 2016 Care New England Health System $400,000 HIPAA settlement illustrates the importance of reviewing and updating, as necessary, business associate agreements
October 17, 2016 St. Joseph’s $2,140,000 $2.14 million HIPAA settlement underscores importance of managing security risk
November 22, 2016 UMass $650,000 UMass settles potential HIPAA violations following malware infection
2016 TOTAL: $23,504,800  

2015 HIPAA Fines

Date Organization Fine Total Link to OCR Settlement
April 22, 2015 Cornell Prescription Pharmacy $125,000 HIPAA Settlement Highlights the Continuing Importance of Secure Disposal of Paper Medical Records
June 10, 2015 St. Elizabeth’s Medical Center $218,000 HIPAA Settlement Highlights Importance of Safeguards When Using Internet Applications
August 31, 2015 Cancer Care Group, P.C. $750,000 750,000 HIPAA Settlement Emphasizes the Importance of Risk Analysis and Device and Media Control Policies
November 24, 2015 Lahey Hospital and Medical Center $850,000 HIPAA Settlement Reinforces Lessons for Users of Medical Devices
November 30, 2015 Triple-S Management $3,500,000 Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement
December 14, 2015 University of Washington Medicine $750,000 $750,000 HIPAA Settlement Underscores the Need for Organization Wide Risk Analysis
2015 TOTAL: $6,193,000

Avoid HIPAA Fines and Get Compliant Today

Get Started!