Health Information Compliance Alert

Enforcement:

HHS Slams Provider With $1 Million HIPAA Fine for Lost PHI

Warning: HIPAA enforcement is ramping up.

The feds don't seem afraid to use their HIPAA fining power, and it was one employee's innocent mistake that cost $1 million.

The Department of Health and Human Services' Office for Civil Rights (OCR) has fined the General Hospital Corporation and Massachusetts General Physicians Organization Inc. in Boston $1 million over an incident in which a Mass General employee left files on a subway train; the files were never recovered.

"We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement," OCR Director Georgina Verdugo says in a release about the settlement. "It is a covered entity's responsibility to protect its patients' health information."

And OCR has fined Cignet Health of Prince George's County, Md., more than $4.3 million for breaching the HIPAA Privacy Rule. "The fine is the first civil monetary penalty (CMP) ever imposed for a covered entity's violations of the HIPAA Privacy Rule," notes law firm Sidley Austin on its website.

Cignet's fine stemmed from failing to give patients access to the protected health information (PHI) in their medical records, rather than from accidentally disclosing PHI. The high total was racked up in part because of the new willful neglect penalties.

"These cases, and HHS' apparent willingness to put them in the spotlight, demonstrate the agency's newfound commitment to investigating, uncovering and imposing penalties for HIPAA violations," notes law firm Duane Morris in an alert on the topic.

Who might report a willful neglect violation? Most frequently, an employee who's been mistreated or terminated files such a complaint against the employer, says consultant Abner Weintraub, based on his experience as an expert witness in HIPAA cases. The second-most common scenario involves a patient filing a complaint, adds Weintraub, president of The HIPAA Group Inc. in Orlando, Fla.

And HHS now can more easily track possible violations, thanks to HITECH Act provisions that require providers to notify the agency of HIPAA data breaches, Duane Morris points out.