The Kansas Attorney General fined Pearlie Mae’s Compassion and Care LLC in Topeka, Kansas together with its owners for its failure to protect patient and employee records. The civil monetary penalty amounted to $8,750.
According to the HITECH Act, attorneys general have the authority to enforce HIPAA rules. When covered entities and business associates do not comply with HIPAA regulations, they can take action against such entities. In the case against Pearlie Mae’s Compassion and Care LLC, Attorney General Derek Schmidt penalized the owners for violating the Wayne Owen Act, which is included in the Kansas Consumer Protection Act.
The violation was discovered in June 2017 when some special agents from the Kansas attorney general’s office were helping the Topeka Police Department execute a search warrant at the home of Ann Marie Kaiser. The home of Kaiser, who is part-owner of Pearlie Mae’s Compassion and Care, was used as an office for the company. During the search, the agents saw unsecured medical records in plain sight.
The medical records included personal information such as Social Security numbers, financial account numbers and driver’s license numbers. If unauthorized persons in the property viewed the information, it could be used to harm individuals whose information was compromised.
The attorney general’s office issued a civil penalty for failure to:
- maintain appropriate procedures and practices in keeping the information
- exercise care to protect personal information
- take reasonable steps to dispose of records no longer needed
These are violations of K.S.A. 50-6,139b(b)(l) and K.S.A. 50-6,139b(b)(2).
Aside from paying the financial penalty, Pearlie Mae will also pay the costs incurred by the Attorney general’s office in the conduct of the investigation amounting to $1,250. Moreover, the entity agreed to make the necessary changes in its policies and procedures in compliance with the Wayne Owen Act.