To settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA), Steven A. Porter, M.D., P.C. (the Practice) has agreed to pay $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS). In addition to the $100,000 settlement, the Practice has entered into a two-year corrective action plan.
The Practice filed a breach report in November 2013 claiming that its business associate was impermissibly using the Practice’s patients’ electronic protected health information (ePHI). In its investigation, OCR found that Dr. Porter showed substantial noncompliance with HIPAA’s Security Rule by failing to conduct a thorough analysis of the potential risks and vulnerabilities to its stored ePHI.
“All health care providers, large and small, need to take their HIPAA obligations seriously,” said OCR Director Roger Severino. “The failure to implement basic HIPAA requirements, such as an accurate and thorough risk analysis and risk management plan, continues to be an unacceptable and disturbing trend within the health care industry.”
The HIPAA Rules impose countless requirements covered entities must understand and implement or face costly outcomes for noncompliance.