Health Care Law Blog
The United States Department of Health and Human Services' Office for Civil Rights (OCR) recently imposed a civil monetary penalty of just over $4.3 million against Cignet Health of Prince George's County, Maryland (Cignet). Forty-one patients had filed complaints with OCR after being denied access to their medical records by Cignet. OCR investigated the matter and determined that Cignet had indeed violated the patients' rights by denying them access to their medical records. The penalty for these violations was $1.3 million. However, Cignet also failed to cooperate with the OCR investigation, and was fined an additional $3 million for such failure.
Mere weeks after this penalty was issued, Massachusetts General Hospital (Mass General) signed a Resolution Agreement with OCR pursuant to which Mass General agreed to pay the federal government $1 million to settle potential HIPAA violations. These potential violations stemmed from the loss of protected health information when an employee, who was commuting to work, left 192 patient records on a train. These records were never recovered.
The government is clearly stepping up its enforcement of the HIPAA privacy and security rules. Those organizations required to comply with HIPAA should review their policies and procedures to ensure that patient information is being adequately protected. If you would like assistance in developing or updating your HIPAA policies and procedures or have a potential HIPAA violation that you would like to discuss please contact Attorney Johanna M. Novak at 517.371.8231 or 906.226.5501.
