HIPAA violations pack a hefty punch for Maryland-based clinics

For the first time, the U.S. Department of Health and Human Services (HHS) has issued a civil monetary penalty for violations of the Health Insurance Portability and Affordability Act (HIPAA). And the price tag is significant -- a whopping $4.3 million!

The unlucky recipient of this substantial penalty was Cignet Health Center, a group of clinics based in Prince Georges County, MD. The organization received the multimillion-dollar penalty for two key reasons: 1) Failing to share medical records with patients who requested them and 2) Failing to cooperate with an HHS investigation.

The case dates back to September 2008, when more than 40 Cignet patients came forward with complaints about not being able to get copies of their medical records to share with new doctors. The HHS Office of Civil Rights, which enforces HIPAA's privacy rule, gave the organization's executives two years to comply with the request to release documents and resolve the issue.

In spite of this and numerous other prompts by the agency (including letters, orders, multiple deadlines and hearings), Cignet didn't budge. Not until April 2010, that is. Without any explanation of its prior lack of cooperation, Cignet sent 59 boxes of medical records to the U.S. Department of Justice -- records that included those of the 41 patients, as well as 4,500 other patients whose records should have remained private. The damage was already done, however. HHS levied a two-part fine against Cignet: $3 million for not cooperating with the investigation and $1.3 million for not turning over the medical records requested by patients.

According to Rachel Seeger, spokeswoman for the HHS agency, "Cignet's failure to respond to the investigation was unprecedented."

This case sends a clear compliance message to all health care professionals: Follow the privacy rules and fully cooperate with investigations by the HHS ... or pay the price.

Would your HIPAA practices receive a clean bill of health? Be certain you're meeting all mandatory HIPAA requirements, including recent changes made by the HITECH Act, with the necessary forms and support materials.
