Contact Links2Success to have an in-house audit.  Leslie Canham can do your OSHA and Christine Taxin and- Robin Morrisette can do your billing and audit your accounts. 1914-450-2906

HIPAA settlements spiked in 2016, showing a trend toward tougher enforcement from the OCR.

When it comes to HIPAA audits and fines, it looks like the Office of Civil Rights (OCR) is just getting started. In 2016 alone, covered entities and business associates agreed to pay $23.5 million in settlements. That’s up from $6.17 million in 2015.

Here are five examples of the violations that led to these settlements, which ranged from $25,000 to $5.5 million. As you read, keep in mind covered entities large and small are held to these same standards.

Case One:
Violation: OCR alleged multiple violations and noncompliance issues, including three billed claims that had the wrong dates for treatment and the wrong codes for what was done.

Violation: Another example were chart notes that did not state the reason treatment was offered and why it should be done.
Violation: According to OCR, a malware infection potentially exposed the ePHI (electronic protected health information) of 1,670 individuals. A firewall was not in place to protect against such infiltrations.

Settlement: $650,000

Case Three:
Violation: Files containing ePHI were accessible by web search for 13 days.

Settlement: $2,140,500 and adherence to a corrective action plan.

Case Four:
Violation: After backup tapes of 14,000 ultrasound studies were lost, it was discovered that this covered entity did not have an updated associate agreement in place to keep PHI secure.

Settlement: $400,000

Case Five:
Violation: OCR concluded that this entity lacked adequate risk management security measures after a single data breach reportedly exposed the ePHI of 10,000 individuals.

Settlement: $2.75 million



Christine Taxin
36 Abington Avenue
Ardsley New York 10502
United States of America