Blog May 2, 2017

Recent HIPAA Violations Cost Healthcare Organizations Millions in Penalties

If your organization handles protected health information (PHI), you probably know that failure to comply with HIPAA regulations may result in significant fines as well as loss of business or reputation. Recently, the Office of Civil Rights (OCR) has completed its initial audits and has levied fines as a result. Here are the recent HIPAA violations and the fines imposed by HHS.

April 25, 2017:

The U.S. Department of Health and Human Services (OCR) has announced a HIPAA settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5 million and implementing a corrective action plan. The fine stemmed from the loss of a company-owned laptop containing the ePHI of nearly 1,400 patients.

April 20, 2017:

The Center for Children’s Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services $31,000 to settle potential HIPAA violations and agreed to implement a corrective action plan. While conducting an investigation of a CCDH Business Associate, FileFax, the OCR found that neither FileFax nor CCDH could produce a signed Business Associate Agreement. The two entities had been exchanging ePHI since 2003.

February 2, 2017:

Children’s Medical Center of Dallas (Children’s) was recently given an OCR HIPAA civil money penalty of $3.2 million due to ePHI disclosure and several years of HIPAA non-compliance. According to a Department of Health and Human Services (HHS) release, an unencrypted BlackBerry device was lost in 2010 with the ePHI of 3,800 patients. In a separate 2013 event, an unencrypted laptop was lost containing the ePHI of nearly 2,500 patients. Children’s paid the full civil penalty of $3.2 million and was also issued a Notice of Final Determination. The Notice of Final Determination means that the fined entity has exhausted all legal options and must pay the fine.

Companies are now turning to hosting providers and specialists in HIPAA compliance. For these companies, it is important to select a hosting provider with knowledge and experience in managing environments in compliance with HIPAA/HITECH. Following these cases allows Connectria to develop new and more comprehensive compliance services to better assist our customers. If you would like additional information on these cases, please contact us.

Since 2007, Connectria has been providing HIPAA Compliant Hosting Solutions in the cloud. Today, companies use Connectria’s broad HIPAA experience to accomplish and maintain compliance regardless of where their cloud lives, inside Connectria’s clouds or partner clouds such as Amazon or Microsoft.

Learn more about Connectria’s HIPAA Compliant Hosting Solutions.
