HHS Gets Serious About Civil Monetary Penalties for HIPAA Violations

Until recently, the nearly decade-old regulations implementing the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) carried little bite. Even after the passage of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) in 2009, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) had done little in the way of enforcement actions. All of that changed in February of 2011, when the OCR significantly ramped up its enforcement of HIPAA. The OCR imposed the first civil monetary penalty for a HIPAA violation – a whopping $4.3 million – since the enactment of HIPAA and entered into a $1 million settlement with another provider for an alleged HIPAA violation.

Continue Reading…