4 healthcare organizations that paid $1M+ this year to settle HIPAA violations

Jackie Drees –
Friday, October 16th, 2020

Here are four of the largest HIPAA settlements so far this year.

Throughout 2020, health care organizations have agreed to pay substantial sums to settle HIPAA violations with the HHS Office for Civil Rights.

1. Premera Blue Cross agreed to pay OCR $6.85 million to settle potential violations associated with a HIPAA breach that affected more than 10.4 million individuals. The settlement is the second-largest payment to resolve a HIPAA investigation, which focused on a 2014 email phishing attack on Premera's systems that lasted for 9 months and exposed the protected health information of 10.4 million people.

2. A Community Hospital Systems entity that offers business associate services to clinics and hospitals agreed in September to settle violations associated with a potential HIPAA breach for $2.3 million. The business provides IT, health information management and other services to the hospitals and clinics owned by Franklin, Tenn.-based CHS.

3. Athens (Ga.) Orthopedic agreed in September to pay $1.5 million to settle HIPAA noncompliance related to a 2016 EHR hacking incident that exposed 208,557 individuals' information. The patient records were posted online for sale by the hackers.

4. Providence, R.I.-based Lifespan agreed in July to settle a potential HIPAA violation related to a stolen laptop for just over $1 million. Lifespan reported the breach in April 2017 as affecting 20,431 individuals, and OCR found that the health system had systemic noncompliance with HIPAA rules, including a failure to secure electronic protected health information and a lack of device and media controls.

© Copyright ASC COMMUNICATIONS 2020.

