With just three organizations fined by the HHS’ Office for Civil Rights (OCR) in October, the month’s HIPAA fines reached $1.7 million. More details on October HIPAA fines are discussed.

October HIPAA Fines: Aetna Life Insurance Company Fined $1 Million

Oct 28, 2020 – Aetna Life Insurance Company enters into a settlement with the HHS regarding three separate breaches over a six month period, affecting 18,602 patients.

October HIPAA Fines

Upon investigation into the incidents, investigators concluded that Aetna:

  • failed to perform periodic technical and nontechnical evaluations of operational changes affecting the security of their electronic PHI (ePHI); 
  • implement procedures to verify the identity of persons or entities seeking access to ePHI; 
  • limit PHI disclosures to the minimum necessary to accomplish the purpose of the use or disclosure; and 
  • have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI.

To settle HIPAA violations, Aetna agreed to an OCR settlement that includes a $1 million fine, two years of OCR monitoring, and the requirement to adopt a corrective action plan (CAP).

“When individuals contract for health insurance, they expect plans to keep their medical information safe from public exposure. Unfortunately, Aetna’s failure to follow the HIPAA Rules resulted in three breaches in a six-month period, leading to this million dollar settlement,” said OCR Director Roger Severino.

Read more about Aetna’s violations and the settlement here.

Let’s Simplify Compliance

Avoid fines by becoming HIPAA compliant today!

Learn More!
HIPAA Seal of Compliance

October HIPAA Fines: NY Spine Medicine Fined $100,000

Oct 9, 2020 – OCR announced that it had reached a settlement with NY Spine Medicine for the organization’s failure to comply with the right of access standard. The OCR began its investigation into NY Spine Medicine after a patient issued a complaint that the organization failed to provide her with her requested medical records. 

Although the right of access standard requires healthcare providers to provide patients with copies of their medical records within 30 days of the request, NY Spine failed to provide the records until OCR’s involvement, 15 months after the patient’s first request.

As a result, NY Spine Medicine agreed to a HIPAA settlement that includes a $100,000 fine, two years of OCR monitoring, and the requirement to adopt a CAP.

“No one should have to wait over a year to get copies of their medical records. HIPAA entitles patients to timely access to their records and we will continue our stepped up enforcement of the right of access until covered entities get the message,” said Roger Severino, OCR Director.

Read more about NY Spine Medicine’s violations and the settlement here.

October HIPAA Fines: St. Joseph’s Hospital and Medical Center Fined $160,000

Oct 7, 2020 –  St. Joseph’s Hospital and Medical Center agreed to an OCR settlement to settle right of access violations. After a woman complained that she had not received copies of her son’s medical records, issuing seven separate requests for the records, the OCR began its investigation. After OCR’s involvement, she received the requested copies, 22 months after her initial request. 

To settle HIPAA violations, St. Joseph agreed to a $1