HealtHITech Law HIPAA, HITECH and Beyond

Tag Archives: Corrective Action Plan

Largest HIPAA Settlement Announced by HHS

Posted in Breach, Enforcement

Many thanks once again to our colleague, Robin Canowitz, for authoring this post. In the largest HIPAA settlement yet to be announced, two New York organizations have agreed to pay $4.8 million to settle allegations that they failed to secure the electronic health information (ePHI) of thousands of their patients. New York Presbyterian Hospital (NYP) and…

Dermatology Practice Hit With $150,000 HIPAA Penalty

Posted in Breach, Enforcement

2013 ended like it started – with OCR actively monitoring and enforcing health care provider HIPAA compliance. On December 26, 2013, OCR imposed a $150,000 penalty and a corrective action plan upon a Massachusetts dermatology physician practice arising out of a self-reported HIPAA breach. See Resolution Agreement. In October 2011, Adult & Pediatric Dermatology, P.C. of…

Alaska Medicaid Pays $1.7 Million to Settle HIPAA Violations

Posted in Enforcement

Last week, the Alaska Department of Health and Human Services (“Alaska DHHS”), the state’s Medicaid agency, agreed to pay U.S. Health and Human Services $1.7 million to settle alleged violations of the HIPAA Security Rule. The HIPAA Security Rule protects health information in electronic form by requiring covered entities to use physical, technical, and administrative…

Blue Cross Blue Shield Settles HIPAA Violation With HHS for $1.5 Million

Posted in Enforcement

On March 13, 2012, HHS announced that Blue Cross Blue Shield of Tennessee (“BCBST”) has agreed to pay it $1.5 million to settle potential HIPAA violations arising from the theft of 57 unencrypted computer hard drives from a leased facility in Tennessee. This settlement is significant because it is OCR’s first enforcement action arising out…