HIPAA Penalties and Fines in Healthcare
Avoid costly fines associated with healthcare compliance
- In February, 2011, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) imposed its largest civil penalty to date—a $4.3 million civil penalty against Cignet Health for violations of HIPAA’s Privacy Rule.
- In July, 2012, the Minnesota Attorney General reached a $2.5 million settlement with Accretive Health, one of the United States’ largest collectors of medical debt, for the loss of a laptop containing personal health information (PHI) of approximately 23,500 patients from two hospitals that were customers of Accretive. A condition of the settlement prohibits Accretive from operating in Minnesota for two years.
- In March, 2012, Impairment Resources LLC was forced to file for Chapter 7 bankruptcy when a nighttime burglary resulted in the breach of approximately 14,000 electronic patient records. Rather than face HIPAA data destruction violation penalties and civil suits from its customers for privacy breaches, the company simply closed its doors forever.
- The U.S. Department of Defense is the defendant in a $4.9 billion suit resulting from the theft of a computer backup tape from the car of an employee of a subcontractor to its business associate. The loss of this tape resulted in the release of PHI for all 4.9 million federal employees whose records were in the possession of the business associate.
- A northern California healthcare provider was sued for $1 billion over the theft, during a nighttime burglary, of one of its computers containing unsecured PHI of all of its 944,000 patients.
- A Florida health plan provider is the defendant in a class action lawsuit over the theft from its headquarters of two unattended laptops containing PHI of all of its 1.2 million customers.
- Documented HIPAA-HITECH violations have occurred involving healthcare provider employees. For example, Huping Zhou, a former UCLA Healthcare System surgeon, was the first person sent to prison for intentionally viewing the PHI of co-workers, supervisors and celebrities after being told he was fired.
- Dale Munroe, a Florida hospital employee, was sentenced in January, 2013, to a year in prison for accessing medical records of 763,000 patients and selling that information for over $10,000.
The HIPAA data destruction penalties and fines are clearly rising in terms of economic impact and incarceration, so companies must take measures to protect themselves against all threats.
CentricsIT can help you deploy advanced disk sanitization or disk destruction methods to erase your data to HIPAA and Department of Defense NISPOM standards. For either procedure, CentricsIT will provide you with a Certificate of Erasure or Destruction, backed up by our data security guarantee.