Arecord civil penalty demonstrates the importance of protecting health patient privacy and responding appropriately to federal regulators. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently assessed a $4.3 million civil monetary penalty against Cignet Health of Prince George’s County, Md., for violations of the HIPAA1 Privacy Rule.
This is the first fine assessed by the agency since the rule took effect in April 2003. The fine follows an investigation into events that occurred between September 2008 and October 2009 that, the OCR concluded, resulted in 41 separate violations of the HIPAA Privacy Rule.
Failure to Provide Requested Medical Records OCR initiated its investigations after receiving complaints from individuals that Cignet failed to provide requested health records within 30 days, and not later than 60 days after receiving a request, as required by the rules. OCR then directly requested the records from Cignet and issued a subpoena to compel their production. Cignet produced the medical records eventually, but only after being ordered to do so by a federal court. OCR then imposed a $1.3 million civil monetary penalty on Cignet for failing to provide copies of the requested records within the mandated time.
Please see full publication below for more information.