Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements

The practice of Steven A. Porter, M.D., has agreed to pay $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Dr. Porter’s medical…

Read More

$500,000 Fine Imposed on Physicians Group for HIPAA Violations and Not Having a Business Associates Agreement in Place

Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) and to adopt a substantial corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. ACH provides contracted…

Read More

Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA…

Read More

Whistleblowers Awarded Over $1 Million for Reporting Former Employer for Violations Under the False Claims Act

WASHINGTON – Pine Creek Medical Center LLC (“Pine Creek”), a physician-owned hospital serving the Dallas/Fort Worth area, has agreed to pay $7.5 million to resolve claims that it violated the False Claims Act by paying physicians kickbacks in the form of marketing services in exchange for surgical referrals, the Department of Justice announced today. “Health…

Read More

PHI of 28,000 Mental Health Patients Allegedly Stolen by Healthcare Employee

Center for Health Care Services (CHCS) in San Antonio, a provider of mental health treatment and support services for individuals with intellectual and developmental disabilities, has discovered documents containing the protected health information of patients have been stolen by a former employee. Breach notification letters have been sent to 28,434 patients who received services at…

Read More

Careless handling of HIV information jeopardizes patient’s privacy, costs hospital $387k

St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid the U.S. Department of Health and Human Services (HHS) $387,200 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a comprehensive corrective action plan. St. Luke’s operates the Institute for Advanced Medicine, formerly Spencer…

Read More

$2.5 million settlement shows that not understanding HIPAA requirements creates risk

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5…

Read More

Texas Health System Settles Potential HIPAA Disclosure Violations

Memorial Hermann Health System (MHHS) has agreed to pay $2.4 million to the U.S. Department of Health and Human Services (HHS) and adopt a comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. MHHS is a not-for-profit health system located in Southeast Texas, comprised of…

Read More