In December 2019, the Department of Health and Human Services’ Office for Civil Rights had two more enforcement actions taken against covered entities that were found to have broken the HIPAA Regulations.
The first financial penalty announced by OCR was for a settlement with Korunda Medical LLC. This was Korunda Medical LLC’s second financial penalty under OCR’s HIPAA Right of Access Initiative. OCR received a complaint from a patient whom Korunda Medical failed to furnish with a copy of her health records and so investigated the HIPAA-covered entity. OCR provided the provider with technical assistance, but another patient filed an identical complaint a couple of days later. Therefore, it was determined that a financial penalty was appropriate. Korunda Medical resolved the case by paying $85,000.
The second penalty issued was against West Georgia Ambulance because of multiple HIPAA Rules violations. OCR investigated the covered entity after receiving a breach report regarding a missing unencrypted laptop computer. OCR uncovered the long-drawn-out noncompliance of West Georgia Ambulance with respect to a number of areas of the HIPAA Regulations. The violations include not conducting a risk analysis, not providing employees with training on security awareness, and failing to implement the policies and procedures required by the HIPAA Security Rule. West Georgia Ambulance paid OCR $65,000 to settle the case.
HIPAA Enforcement Actions in 2019
In 2019, OCR issued a total of 10 financial penalties on covered entities and business associates. Two were Civil Monetary Penalties and 8 were settlements with total penalties of $12,274,000 paid.
The enforcement actions involved the following HIPAA-covered entities:
1. West Georgia Ambulance paid $65,000 as settlement
2. Korunda Medical, LLC paid $85,000 as settlement
3. Sentara Hospitals paid $2,175,000 as settlement
4. Texas Department of Aging and Disability Services paid $1,600,000 as Civil Monetary Penalty
5. University of Rochester Medical Center paid $3,000,000 as settlement
6. Jackson Health System paid $2,154,000 as Civil Monetary Penalty
7. Elite Dental Associates paid $10,000 as settlement
8. Bayfront Health St Petersburg paid $85,000 as settlement
9. Medical Informatics Engineering paid $100,000 as settlement
10. Touchstone Medical imaging paid $3,000,000 as settlement