
HHS OCR: No More Mr. HIPAA-Nice Guy

Until recently, lawyers advising clients on HIPAA issues could say that while HIPAA regulations give regulators the ability to impose some fairly significant fines, the focus of enforcement activities thus far has been on remediation and compliance. No longer:

The U.S. Department of Health & Human Services (HHS) has entered into a Resolution Agreement with Seattle-based Providence Health & Services (Providence) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. In the agreement, Providence agrees to pay $100,000 and implement a detailed Corrective Action Plan to ensure that it will appropriately safeguard identifiable electronic patient information against theft or loss.

The $100,000 fine, while not stunning, is certainly meaningful enough to catch the attention of covered entities subject to HIPAA's strictures. Between this and the recent uptick in criminal prosecutions under HIPAA, a "no harm, no foul" compliance strategy is no longer a viable option.

HHS's press release is here. The Providence Corrective Action Plan can be accessed on the HHS website here.


About

This page contains a single entry from the blog posted on July 22, 2008 8:23 AM.
