2018 Was a Record Year for HIPAA Enforcement Actions
In 2018, the Office for Civil Rights (OCR) settled 10 Health Insurance Portability and Accountability Act (HIPAA) enforcement cases and was granted summary judgment in one case. The enforcement actions resulted in an all-time record year for OCR, with enforcement penalties collected totaling $28.7 million, a 22 percent increase from the last record year.
Enforcement Highlights for the Year
Of the cases OCR was involved in, these were the most costly enforcement actions:
Fresenius Medical Care North America (FMCNA): In January 2018, FMCNA settled with OCR for $3.5 million over five separate data breaches that occurred between February 23rd, 2012 and July 18th, 2012.
The University of Texas MD Anderson Cancer Center (MD Anderson): In June 2018, a Department of Health and Human Services (HHS) judge ruled in favor of OCR and ordered MD Anderson to pay $4.3 million in penalties for its HIPAA violations.
Anthem Inc: In October 2018, Anthem paid $16 million to OCR, an all-time record for the most costly penalty, after a series of cyber attacks allowed criminals to steal the electronic protected health information (ePHI) of nearly 79 million individuals from December 2nd, 2014 to January 27th, 2015.
Cottage Health: In December 2018, Cottage Health agreed to pay $3 million to OCR after two breaches exposed unsecured ePHI for 62,500 individuals.
What Does This Mean for My Organization?
The HIPAA Privacy and Security Rules are complex, and violations can trigger expensive penalties. Fortunately, HHS provides resources to help covered entities comply with the HIPAA rules. These resources are available through HHS’ website on the following topic pages:
Security Risk Assessment Tool
Cyber Security Guidance
Breach Notification Guidance
Compliance & Enforcement
We’re also here to help. Contact SIA Group today for more information on HIPAA compliance.