October HIPAA Fines Reach $1.7 Million

With just three organizations fined by the HHS’ Office for Civil Rights (OCR) in October, the month’s HIPAA fines reached $1.7 million. More details on October HIPAA fines are discussed. October HIPAA Fines: Aetna Life Insurance Company Fined $1 Million. Oct 28, 2020 - Aetna Life Insurance Company enters into a settlement with the HHS regarding three separate breaches over a six-month period, affecting 18,602 patients. [...]

November 12th, 2020

Terminated Employee’s Unauthorized Access to PHI Leads to Latest HIPAA Fine

In a record-breaking year for HIPAA fines, the HHS doesn’t seem to be slowing down. The HHS announced that they have reached a settlement with the City of New Haven, Connecticut for HIPAA violations. The HIPAA violation occurred as a result of the New Haven Health Department's failure to revoke access to their systems after terminating an employee. More details about the unauthorized access to PHI and settlement [...]

November 2nd, 2020

3 Breaches, 6 Months & A $1 Million Fine: Aetna Reaches OCR Settlement for HIPAA Violations

The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) has reached a $1,000,000 settlement with health insurer Aetna. Aetna agreed to pay this fine and to adopt a two-year corrective action plan (CAP), as a result of its having committed three HIPAA violations in a six-month period. This settlement is the 14th that OCR has entered into in 2020. More settlements have [...]

October 29th, 2020

West Georgia Ambulance Pays $65K fine for HIPAA Violations

The Office for Civil Rights of the Department of Health and Human Services has saved an announcement of HIPAA penalties for literally the day before the end of 2019. On December 30, through a press release, OCR announced it has entered into a resolution agreement with West Georgia Ambulance, Inc. on December 23. The agreement requires West Georgia to pay a fine in the amount [...]

January 2nd, 2020

HIPAA Enforcement

There are significant consequences for breaking the HIPAA laws. The HIPAA Rule is enforced through several methods. The most common method of HIPAA enforcement is actions of the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). State attorneys general may also conduct HIPAA enforcement. How Does HIPAA Enforcement Work? HIPAA enforcement takes place on both the federal government and [...]

December 17th, 2019

$3 Million HIPAA Settlement Reached for Lack of Device Encryption

The Office for Civil Rights (OCR) issued a press release on November 5, 2019 discussing a $3 million HIPAA settlement reached with the University of Rochester Medical Center (URMC). URMC filed two separate breach reports in 2013 and 2017, both in reference to unencrypted devices that stored protected health information (PHI). The healthcare breaches stemmed from the loss of an unencrypted flash drive and the theft of an unencrypted [...]

November 7th, 2019

OCR’s Strict Enforcement of HIPAA Laws on Healthcare Organizations

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was designed to protect individuals' health information. The HIPAA Privacy Rule ensures the protection of “individually identifiable health information” kept by a covered entity or a business associate. This protects patient information such as an individual’s physical or mental health, the distribution of healthcare, and the payment for healthcare. Such information is considered Protected Health Information (PHI). OCR Settlements [...]

September 19th, 2019

OCR Reaches First Settlement Ever Under Right of Access Initiative

Earlier this year, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced an initiative. Under the initiative, OCR stated that a main area of HIPAA enforcement in 2019 would be HIPAA right of access violations, including covered entities’ untimely responses to access requests and overcharging for copies of medical records. In early September of 2019, OCR reached its first settlement [...]

September 17th, 2019

HIPAA Audits: 3 Lessons Learned

The Health Insurance Portability and Accountability Act (HIPAA) dictates healthcare standards for how protected health information (PHI) is handled and safeguarded. The Department of Health and Human Services (HHS) estimates that 70% of organizations are not HIPAA compliant. There’s a lot of confusion on who needs to be HIPAA compliant, but the easiest way to explain this is if you are dealing with PHI in [...]

July 25th, 2019

Double Trouble: Indiana Engineering Company Hit with Federal AND Multistate Data Breach Fines

Medical Informatics Engineering, Inc. (MIE) is an Indiana-based company that develops and offers solutions enabling the exchange of electronic protected health information (ePHI). In May of 2019, the company paid the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) $100,000 to settle potential HIPAA Privacy Rule and Security Rule violations. The events causing the violations are now commonplace: MIE had discovered [...]

July 24th, 2019