HIPAA Fine Violation Spotlight

HIPAA Fines Charged For Security and Privacy Rule Violation


The Health Insurance Portability and Accountability Act (HIPAA) is a complicated set of best practices, expectations, and procedures. It keeps evolving, with new standards added as our technology improves.

At times, it can feel overwhelming.

If you’re a small medical practice without a dedicated security officer, what do you do to tackle the workload? There are programs, software, and third-party vendors that can help you work through the steps. Healthcare Technology Advisors handles HIPAA risk assessments and policies for many of our clients, along with our technology and legal partners.

Even though this help represents a cost, HIPAA compliance can no longer be ignored. In December 2017, the Office for Civil Rights (OCR) initiated a compliance review of Peachstate Health Management, LLC. Based in Georgia, this medical practice was doing business as AEON Clinical Laboratories and providing diagnostic and laboratory tests, including genetic testing services.

Note that no data breach prompted the OCR to act. However, its investigation found systemic non-compliance with the HIPAA Privacy and Security Rules. Peachstate had failed to conduct the mandatory risk assessments, had no risk management and audit controls, and did not document its HIPAA policies and procedures.

The cost of Peachstate’s non-action was a $25,000 settlement. 

“Clinical laboratories, like other covered health care providers, must comply with the HIPAA Security Rule. The failure to implement basic Security Rule requirements makes HIPAA regulated entities attractive targets for malicious activity, and needlessly risks patients’ electronic health information,” said Robinsue Frohboese, Acting OCR Director. “This settlement reiterates OCR’s commitment to ensuring compliance with rules that protect the privacy and security of protected health information.”

Healthcare Technology Advisors has several options to help your practice implement the Security Rule requirements.

Don’t know where to start?

Start by going to htadvisorsllc.com/mitigate-hipaa-risks to take our HIPAA Readiness Quiz and learn what areas your practice needs to focus on first. Then call us at (314) 312-4701 and let us help you get your HIPAA house in order.