Health & Human Services Getting Serious on HIPAA Violations

Posted 3.7.11 by

Cignet Health and Massachusetts General Hospital found out that HHS is getting serious about HIPAA violations. HHS imposed a $4.3 million penalty on Cignet Health for HIPAA violations, and Mass General agreed to pay the Feds $1 million to settle potential HIPAA violations.

Mass General’s case involved the loss of protected health information (PHI) of 192 patients of Mass General’s Infectious Disease Associates outpatient practice. That works out to over $5,000 per record lost. Cignet was found to have violated 41 patients’ rights by denying them access to their medical records.

In 2010, Rite Aid agreed to pay $1 million to settle a HIPAA privacy case after failing to safeguard consumer information.

HIPAA has been in place for a long time now, but its enforcement and the financial impact of violations have been hard to pinpoint until recently.  With these cases, it’s become apparent that violations can be expensive.

IT shares the responsibility for HIPAA protection of all medical electronic records and patient information.  With the recent HIPAA enforcement actions, it’s becoming increasingly important that health care IT runs in a secure, audited data center.

IT can ensure HIPAA-compliant hosting by running its servers and data storage in HIPAA-compliant data centers that address physical, data and network security. Ask to review the data center’s SAS 70 or SSAE 16 audit report and a copy of its HIPAA audit report. The audit reports should specifically cover the data center’s processes for physical security, network security and control of access to the data on the server.

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.
