HIPAA Violation Penalties Reach New Record in 2018
- The Office of Civil Rights (“OCR”), which enforces the Health Insurance Portability and Accountability Act (“HIPAA”), announced that it settled ten cases in 2018 and was granted summary judgment in another, collecting $28.7 million in payments. This exceeded OCR’s previous record year of $23.5 million.
- The final settlement of the year occurred in December, when Cottage Health, which operates four hospitals in California, agreed to pay $3 million. The settlement was based on two notifications Cottage Health provided to OCR regarding breaches of protected health information (“PHI”).
- The first breach concerned PHI on a Cottage Health server that was accessible from the internet, without needing a user name or password. The other breach involved a misconfigured server, which again exposed unsecured PHI over the internet.
- OCR’s investigation indicated a lack of a HIPAA risk assessment, insufficient security measures, no periodic evaluations of security, and no business associate agreement with at least one contractor that maintained PHI on behalf of Cottage Health.
More trending Health Law topics this week:
Multiple Providers Pay Millions in Fraud and Stark Settlements
Post a comment:
Ask the Blogger
Do you have a topic that you would like discussed in a future blog article? Please let us know. If you have a confidential question regarding a blog article, please feel free to contact the article's author directly, or let us know if you would like for someone to contact you directly.
James (Jim) A. Dietz is a Member at FBT who provides an array of legal services to hospitals, physicians, long-term care providers, diagnostic facilities, and others across the spectrum of patient care.