
OCR still bites: HIPAA Hassle Costs Provider $2.5 million

Looks like the Trump administration is going full speed ahead with Office of Civil Rights (OCR) prosecution of HIPAA violations as yet another provider gets dinged with a multimillion-dollar fine.
 
OCR announced April 24 a settlement with telemetry supplier CardioNet regarding an incident involving a laptop containing protected health information (PHI) of 1,391 individuals that was stolen from a parked vehicle in January 2012. 
 
Not only is that a breach by HIPAA standards, but OCR judged that CardioNet had "insufficient risk analysis and risk management processes in place at the time of the theft." Its policies and procedures also were found inadequate. Security risk analysis and policies and procedures are fairly elementary HIPAA must-dos, which may be why CardioNet got hit with a $2.5 million penalty and a Resolution Agreement and Corrective Action Plan requiring the breach be "cured" within 30 days and its HIPAA compliance brought up to speed within 60 days.
 
There has been some speculation that HHS Secretary Tom Price would go easy on HIPAA enforcement, but the administration's first days have seen some other big-ticket settlements, including a $3.2 million settlement with the Children's Medical Center of Dallas. 
Blog Tags: HHS, Privacy, security