Healthcare Alert – Preventing Even a Single Costly HIPAA Violation is Worth the Effort

Download PDF version >

December 20, 2022 | By: Meagen E.W. Burrows, Philip D. Hixon, and Rhyder M. Jolliff

This week, the U.S. Department of Health & Human Services Office of Civil Rights (OCR) announced two five-figure settlements with healthcare providers resulting from their alleged HIPAA noncompliance. In each instance, the settlement stemmed from a patient complaint.

In the first case, the OCR announced a $20,000 settlement with a primary care provider who allegedly failed to act on a records access request submitted by a patient’s personal representative within the required period (usually 30 days), despite multiple requests. In the second case, the OCR announced a $23,000 settlement with a dentist that allegedly impermissibly disclosed patient protected health information (the patient’s name, treatment, and insurance information) in response to negative online reviews. Other allegations include failures to provide a Notice of Privacy Practices and implement privacy policies and procedures. Both violations could have been avoided with meaningful training.

In addition to the monetary settlements, both providers are subject to corrective action plans that include two years of OCR monitoring. The penalties align with OCR’s promise to ensure regulated entities appropriately safeguard patients’ protected health information.

These settlement announcements are a reminder that even a single, easily avoidable HIPAA violation can be costly. Providers should ensure they have appropriate policies and procedures in place, including:

  • reviewing and training staff on regulatory obligations, policies and procedures
  • identifying potential compliance gaps that may result in violations
  • ensuring policies and procedures are comprehensive and up-to-date
  • contacting your legal provider when a complaint is received

Our Healthcare Practice Group can help providers navigate HIPAA compliance issues. Please contact one of our healthcare attorneys to discuss any questions you may have:

Philip D. Hixon

phixon@gablelaw.com

918-595-4831

This alert is provided as a summary for information purposes. It does not contain legal advice or create an attorney-client relationship. It is not intended or written to be used and may not be used by any person to avoid penalties imposed under Oklahoma laws. The information provided should not be taken as an indication of future legal results; any stated information should not be acted upon without consulting legal counsel.