A MASSACHUSETTS HEALTH CARE PROVIDER AGREED TO PAY $1.5 MILLION TO SETTLE A HIPAA PRIVACY VIOLATION
HHS’ Office of Civil Rights announced this week that a Massachusetts health care provider will pay a $1.5 million settlement to resolve a HIPAA privacy violation (http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/meei-agreement.html). The monetary settlement is part of a resolution agreement and the result of the alleged 2010 theft of a laptop computer that held 3,621 patient records. The monetary settlement will be paid in three equal yearly $500,000 installments. The provider will also adhere to a corrective privacy action plan and must permit semi-annual independent monitoring of its compliance plan for three years.
This significant monetary settlement once again demonstrates the importance of data security compliance plans for all health care providers and their insurers. The OCR is sending a strong message that failure to comply with HIPAA Privacy and Security Rules will result in significant fines no matter the size of the breach. Businesses and their insurers must understand the potential monetary risk for failure to implement a strong data security plan.