We offer updates on national on regional issues such as malpractice defense, regulatory compliance, labor and employment issues and estate planning.
Don’t let your clients get caught paying a “big” settlement for failing to report a HIPAA breach! For the first time, the Office of Civil Rights (OCR) has announced a HIPAA settlement with a provider who failed to provide a timely breach report. Presence Health, a health network serving Illinois with approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities, has been ordered to pay a $475,000 HIPAA settlement and being directed to implement a corrective action plan because it failed to report a breach in a timely manner.
Advocate Health Care Network, the largest fully-integrated health care system in Illinois, agreed to the largest HIPAA Settlement to be paid by a single entity for potential penalties in the amount of $5.55M. The alleged long term non-compliance resulting in this settlement included four failures to comply with HIPAA including: failure to adequately conduct risk assessments, failure to limit physical access to ePHI, failure to obtain Business Associate Agreements, andfailure to safeguard an unencrypted laptop from an unlocked car overnight.
It is well known that health care providers have a duty to comply with HIPAA when providing medical records upon request. Don’t forget health care providers in Illinois also have a duty to comply with the Mental Health Developmental Disabilities Confidentiality Act. 740 ILCS 110/1.
Office of Civil Rights (OCR) Director Jocelyn Samuels has made it clear that the “OCR remains committed to strong enforcement of the HIPAA Rules.” The latest settlement announced on 11/30/15 concerning Triple-S, an insurance holding company offering a wide range of insurance products and services, demonstrates just how committed the OCR is when it comes to HIPAA compliance. This settlement included payment of $3.5 Million and adopting a corrective action plan to implement a robust and comprehensive HIPAA compliance program pursuant to the Resolution Agreement entered by Triple-S.