Blog May 2, 2017

Recent HIPAA Violations Cost Healthcare Organizations Millions in Penalties

If your organization handles protected health information (PHI), you probably know that failure to comply with HIPAA regulations may result in significant fines as well as loss of business or reputation. Recently, the Office of Civil Rights (OCR) has completed its initial audits and has levied fines as a result. Here are the recent HIPAA violations and the fines imposed by HHS.

April 25, 2017:

The U.S. Department of Health and Human Services' OCR has announced a HIPAA settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5 million and implementing a corrective action plan. The fine resulted from the loss of a company-owned laptop containing the ePHI of nearly 1,400 patients.

April 20, 2017:

The Center for Children’s Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services $31,000 to settle potential HIPAA violations and agreed to implement a corrective action plan.  While conducting an investigation of a CCDH Business Associate, FileFax, the OCR found that neither FileFax nor CCDH could produce a signed Business Associate Agreement.  The two entities had been exchanging ePHI since 2003.

Feb 02, 2017:

Children’s Medical Center of Dallas (Children’s) was recently given an OCR HIPAA civil money penalty of $3.2 million due to ePHI disclosure and several years of HIPAA non-compliance. According to a Department of Health and Human Services (HHS) release, an unencrypted Blackberry device was lost in 2010 with the ePHI of 3,800 patients. In a separate 2013 event, an unencrypted laptop was lost containing the ePHI of nearly 2,500 patients. Children’s paid the full civil penalty of $3.2 million and was also issued a Notice of Final Determination. The Notice of Final Determination means that the fined entity has exhausted all legal options and must pay the fine.

Companies are now looking towards hosting providers and specialists in HIPAA compliance. For these companies, it is important to select a hosting provider with knowledge and experience in managing environments in compliance with HIPAA/HITECH. Following these cases allows Connectria to develop new and more pervasive compliance services to better assist our customers. If you would like additional information on these cases, please contact us.

Since 2007, Connectria has been providing HIPAA Compliant Hosting Solutions in the cloud. Today, companies use Connectria’s broad HIPAA experience to accomplish and maintain compliance regardless of where their cloud lives, inside Connectria’s clouds or partner clouds such as Amazon or Microsoft.

Learn more about Connectria’s HIPAA Compliant Hosting Solutions.
