HIPAA Settlement
MMG Fusion Breach Affecting 15 Million Patients Results in HIPAA Settlement
HHS Office for Civil Rights announced a settlement with MMG Fusion, LLC, a Maryland-based dental software company, following a data breach that affected approximately 15 million individuals — one of the largest breaches in HIPAA enforcement history. MMG Fusion agreed to pay $10,000 and implement a corrective action plan to resolve potential violations of the…
Read MoreConcentra Inc. Pays $112,500 to Settle HIPAA Right of Access Violations
HHS Office for Civil Rights announced a $112,500 settlement with Concentra, Inc., a national occupational health services company, to resolve potential violations of the HIPAA Right of Access Rule. OCR’s Right of Access Initiative, launched in 2019, continues to hold covered entities accountable for failing to provide patients timely and affordable access to their own…
Read MoreSolara Medical Supplies Pays $3 Million to Settle HIPAA Security Rule Violations
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $3 million settlement with Solara Medical Supplies, a California-based supplier of insulin pumps and continuous glucose monitors, resolving potential violations of the HIPAA Security Rule and Breach Notification Rule. The case stemmed from a 2019 phishing attack that compromised…
Read MoreGulf Coast Pain Consultants Hit with $1.1 Million HIPAA Civil Monetary Penalty
HHS Office for Civil Rights imposed a $1.1 million civil monetary penalty (CMP) against Gulf Coast Pain Consultants, a Florida-based pain management practice, for widespread failures to comply with the HIPAA Security Rule. OCR’s investigation found that Gulf Coast Pain Consultants had not implemented the foundational administrative, physical, and technical safeguards required to protect electronic…
Read MoreAnthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History
Anthem, Inc. has agreed to pay $16 million to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyberattacks led to the largest U.S. health…
Read MoreFailure to Protect Health Records Costs Covered Entity Millions and Leads to Bankruptcy
21st Century Oncology, Inc. (21CO) has agreed to pay $2.3 million in lieu of potential civil money penalties to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and adopt a comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and…
Read MoreWhistleblowers Awarded Over $1 Million for Reporting Former Employer for Violations Under the False Claims Act
WASHINGTON – Pine Creek Medical Center LLC (“Pine Creek”), a physician-owned hospital serving the Dallas/Fort Worth area, has agreed to pay $7.5 million to resolve claims that it violated the False Claims Act by paying physicians kickbacks in the form of marketing services in exchange for surgical referrals, the Department of Justice announced today. “Health…
Read MoreCareless handling of HIV information jeopardizes patient’s privacy, costs hospital $387k
St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid the U.S. Department of Health and Human Services (HHS) $387,200 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a comprehensive corrective action plan. St. Luke’s operates the Institute for Advanced Medicine, formerly Spencer…
Read More$2.5 million settlement shows that not understanding HIPAA requirements creates risk
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5…
Read More$5.5 million HIPAA settlement shines light on the importance of audit controls
Memorial Healthcare System (MHS) has paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and agreed to implement a robust corrective action plan. MHS is a nonprofit corporation which operates six hospitals, an…
Read More