States Privacy News

HIPAA Events

calendar

Events Webinars Training

$1.5 million - Massachusetts Eye and Ear Infirmary

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively referred to as “MEEI”) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the HIPAA Privacy and Security Rules. | HHS Press Release

$50,000 - Hospice of North Idaho (HONI)

The Hospice of North Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  This is the first settlement involving a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals. | HHS Press Release

$1.7 million - Alaska Department of Health and Human Services (DHHS)

Alaska Department of Health and Human Services (DHHS) has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. | Resolution Agreement

$100,000 - Phoenix Cardiac Surgery

Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, Arizona, has agreed to pay the U.S. Department of Health and Human Services (HHS) a $100,000 settlement and take corrective action to implement policies and procedures to safeguard the protected health information of its patients. | Press Release

$1,500,000 - Blue Cross Blue Shield of Tennessee (BCBST)

Blue Cross Blue Shield of Tennessee (BCBST) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,500,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, Leon Rodriguez, Director of the HHS Office for Civil Rights (OCR), announced today.  BCBST has also agreed to a corrective action plan to address gaps in its HIPAA compliance program.  The enforcement action is the first resulting from a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule. | Press Release