Thursday, March 3, 2011

HHS Imposes a $4.3 Million Penalty for Violations of the HIPAA Privacy Rule

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed a civil money penalty (CMP) of $4,300,000 for violations of the HIPAA Privacy Rule.

The $4.3 million penalty is based on the increased penalty amounts authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

OCR found that Cignet Health of Prince George’s County, Md., (Cignet) violated 41 patients’ rights between September 2008 and October 2009. These patients individually filed complaints with OCR, initiating investigations of each complaint. The civil money penalty for these violations is $1.3 million.
"The U.S. Department of Health and Human Services is serious about enforcing individual rights guaranteed by the HIPAA Privacy Rule." - Kathleen Sebelius, HHS Secretary
OCR also found that Cignet failed to cooperate with OCR’s investigations and that the failure to cooperate was due to Cignet’s willful neglect to comply with the Privacy Rule. Covered entities are required under law to cooperate with the Department’s investigations. The civil money penalty for these violations is $3 million.

Individuals who believe that a covered entity has violated their (or someone else’s) health information privacy rights or committed another violation of the HIPAA Privacy or Security Rule may file a complaint with OCR at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

Sources:
(a) HHS imposes a $4.3 million civil money penalty for violations of the HIPAA Privacy Rule - HHS Press Office, February, 2011

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.