States Privacy News

HIPAA Events

calendar

Events Webinars Training

$865,500 - University of California at Los Angeles Health System (UCLAHS)

Following an investigation by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the University of California at Los Angeles Health System (UCLAHS) has agreed to settle potential violations of the HIPAA Privacy and Security Rules for $865,500 and has committed to a corrective action plan aimed at remedying gaps in its compliance with the rules. | Resolution Agreement

$1,000,000 - Massachusetts General Hospital

The General Hospital Corporation and Massachusetts General Physicians Organization Inc. (Mass General) has agreed to pay the U.S. government $1,000,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today. | Press Release

$4.3 million - Cignet Health

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Md., (Cignet) violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS has imposed a civil money penalty (CMP) of $4.3 million for the violations, representing the first CMP issued by the Department for a covered entity’s violations of the HIPAA Privacy Rule. | Press Release

$35,000 - Management Services Organization Washington, Inc. (MSO)

On December 13, 2010, the U.S. Department of Health & Human Services (HHS) entered into a Resolution Agreement with Management Services Organization Washington, Inc. (MSO), to settle potential violations of the Health Information Portability and Accountability Act Privacy and Security Rules.  This settlement arose from and was made in coordination with the HHS Office of the Inspector General and the U.S. Department of Justice, which had been investigating MSO for violations of the Federal False Claims Act. | Resolution Agreement

$1 million - Rite Aid Corporation and its 40 affiliated entities

Rite Aid Corporation and its 40 affiliated entities have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today. In a coordinated action, Rite Aid also signed a consent order with the Federal Trade Commission (FTC) to settle potential violations of the FTC Act. | Resolution Agreement