Corrective Action Plan and $100,000 Fine Illustrate Tougher HHS Stance on HIPAA Enforcement

Reprinted from REPORT ON PATIENT PRIVACY, the industry’s most practical source of news on HIPAA patient privacy provisions.

For the first time, a covered entity (CE) under the privacy and security rules has made a $100,000 payment to Uncle Sam and agreed to subject itself to three years of monitoring by HHS for losing unencrypted laptop computers and backup data more than two years ago.

Government officials, who announced the payment and corrective action plan (CAP) imposed on a Seattle-based health plan and home health agency on July 17, say the payment was not a “fine” and the organization did not admit any wrongdoing. But the news sent a chill through the privacy and security compliance community.

Read more on AIS Health

About the author: Dissent

Comments are closed.