The Health and Human Services Office of Civil Rights announced this week that a Massachusetts health care provider – Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc., or “MEEI” – will pay a $1.5 million settlement to resolve a HIPAA privacy violation. The monetary settlement is part of a resolution agreement regarding the data breach of 3,621 patient records. The monetary settlement will be paid in three annual installments of $500,000. MEEI must also adhere to a corrective privacy action plan and permit semi-annual independent monitoring of its compliance plan for three years.
This monetary settlement demonstrates the importance of data security compliance plans for all health care providers and their insurers. Government regulators are sending a strong message that failure to comply with the HIPAA Privacy and Security Rules will result in significant fines regardless of the size of the breach. Businesses and their insurers must understand the potential monetary risk of failing to comply with information security regulations.
In this case, a breach of 3,621 patient records resulted in a fine of $1.5 million. How many patient records does your healthcare enterprise hold? If you’re not compliant, or you doubt the security of your compliance solution, the time to take action is now.
Read the HHS OCR press release: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/meei-agreement.html