The $3.5 Million HIPAA Settlement: You Could Be Next

Recently, a $3.5 million HIPAA settlement was announced on HHS.gov: “Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA is a provider of products and services for people with chronic kidney failure with over 60,000 employees that serves over 170,000 patients. FMCNA’s network is comprised of dialysis facilities, outpatient cardiac and vascular labs, and urgent care centers, as well as hospitalist and post-acute providers.”

Shortly after the announcement, the director of the Office for Civil Rights (OCR) stated, “The number of breaches, involving a variety of locations and vulnerabilities, highlights why there’s no substitute for an enterprise-wide risk analysis for a covered entity. Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients’ health information in accordance with the law.”

If “there is no substitute for an enterprise-wide risk analysis,” then every organization’s compliance officer should be asking right now: when was our last HIPAA Security Risk Analysis (SRA), and what were its findings?

Tune in to our upcoming webinar, How to Avoid a $3.5 Million HIPAA Fine, to learn how to perform a HIPAA SRA, understand recent enforcement regarding the HIPAA SRA, and properly handle the findings after completing one.
