HIPAA Compliance Goes Beyond Protecting Health Information

By: Dave Davidson

The Office of Civil Rights within the U.S. Department of Health and Human Services recently imposed $2,154,000 in civil money penalties against Jackson Health System in Miami, Florida for multiple violations of HIPAA.  The majority of the penalties were due to violations of the HIPAA Security and Breach Notification Rules, rather than for the actual breaches of confidentiality.  This action by the government underscores the importance of complying with all of HIPAA, and not just the requirements to safeguard Protected Health Information.Continue reading

PHI Breach Penalty Dollars Rolling in for Healthcare Enforcement

PHI Breach

PHI BreachBy: Dave Davidson

It has been a busy autumn for the enforcement of health care privacy rights.  Recent activities range from settling the claim for the largest HIPAA violation in US history, to penalties imposed for filming TV shows, to actions initiated by state governments.  All of these actions confirm the serious position taken by regulators nationwide to protect the privacy of protected health information (PHI).

The Big One

On October 15, 2018, Anthem, Inc., an independent licensee of Blue Cross, paid $16 million to settle its claim with the HHS Office of Civil Rights (OCR), for a breach that compromised the PHI of 79 million people.  This was the largest reported breach in history.  The PHI breach occurred in 2015, when hackers initiated a “spearfishing” attack via fraudulent emails.  The government found that Anthem lacked appropriate information system procedures to identify and respond to security breaches, and minimum access controls to stop these kinds of attacks.

In addition to the financial penalty, Anthem agreed to a corrective action plan, in which it agreed to perform a risk analysis, and incorporate the results of the analysis into its existing processes, in order to achieve a “reasonable and appropriate level” of HIPAA compliance.

This settlement is in addition to the $115 million settlement Anthem reached last year with the victims of the breach.Continue reading