Fifth Circuit Decision Motivates Covered Entities to Appeal Unreasonable Enforcement Outcomes

Share

The United States Court of Appeals for the Fifth Circuit (the “Court”) vacated a $4,348,000 civil monetary penalty (“CMP”) imposed by the U.S. Department of Health and Human Services’ Office for Civil Rights (“HHS-OCR”) in 2017 against the University of Texas M.D. Anderson Cancer Center (“MD Anderson”) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and HIPAA Security Rule. The Court held that OCR’s actions were “arbitrary, capricious, and otherwise unlawful” and remanded the case for further proceedings. While the case is not binding precedent outside the Fifth Circuit, MD Anderson is the first HIPAA Covered Entity to appeal its fine to a Circuit Court since the HIPAA Privacy Rule and the HIPAA Security Rule took effect. The ruling likely will motivate future HIPAA settlement negotiations with HHS-OCR and encourage HIPAA Covered Entities to appeal enforcement outcomes they consider unreasonable.

Continue reading “Fifth Circuit Decision Motivates Covered Entities to Appeal Unreasonable Enforcement Outcomes”

Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach

Share

On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community Health owns over 200 hospitals across the United States and is one of the largest hospital networks in the country. The multi-state settlement follows a separate $2.3 million settlement that Community Health reached with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) in connection with the same data breach.

Continue reading “Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach”

$100,000 HIPAA Settlement With Solo Physician Practice

Share

Dr. Steven A. Porter, M.D., P.C. (Dr. Porter’s Practice) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $100,000 no-fault settlement agreement and two year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading “$100,000 HIPAA Settlement With Solo Physician Practice”

Ambulance Company Agrees to $65,000 OCR Settlement for HIPAA Noncompliance

Share

West Georgia Ambulance, Inc. (West Georgia) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $65,000 no-fault settlement agreement and two year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading “Ambulance Company Agrees to $65,000 OCR Settlement for HIPAA Noncompliance”

$3 Million OCR HIPAA Settlement Due to Lost Flash Drive and Stolen Laptop

Share

The University of Rochester Medical Center (URMC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $3 million no-fault settlement agreement and two year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading “$3 Million OCR HIPAA Settlement Due to Lost Flash Drive and Stolen Laptop”

$2.15 Million Civil Money Penalty for HIPAA Violations

Share

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services imposed a $2,154,000 civil money penalty (CMP) against Jackson Health System (JHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Security and Breach Notification Rules, stemming from various instances of noncompliance that occurred between 2013 and 2016.

Continue reading “$2.15 Million Civil Money Penalty for HIPAA Violations”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy