Avoidable Risks

Two large fines – $475,000 and $2,200,000 – were imposed recently on covered entities for HIPAA violations related to breaches of protected health information. Together they illustrate the importance of conducting a Risk Analysis, understanding the Breach Notification Rule, and implementing a Risk Management Plan. In addition to the fines, both covered entities must implement corrective action plans.

In the first one, Presence Health, a health care network in Illinois, will pay $475,000 to the Office of Civil Rights (OCR) because it failed to report a breach of protected health information in a timely manner. This is the first-ever settlement resulting from an untimely breach notification. Presence Health consists of approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities. Presence also has multiple physicians’ offices and health care centers in its system and offers home care, hospice care, and behavioral health services. 

In the second, MAPFRE Insurance Company of Puerto Rico will pay $2,200,000 following the theft of a USB storage device from its IT department. MAPFRE administers and underwrites personal and group health insurance plans, among other insurance products and services. In its investigation, the OCR discovered that MAPFRE had failed to perform a risk analysis or implement a risk management plan and did not use encryption or a similar security measure on its laptops and storage devices.

Both of these situations could have been prevented using the policies and procedures contained in The HIPAA E-Tool®. The landing page of the E-Tool, shown below, contains easy-to-navigate tabs that lead directly to instructions about what to do. There is no need to be confused about how to comply. It’s all explained clearly and simply in The HIPAA E-Tool®.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.


Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC, she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up-to-date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.
