The Department of Health and Human Services is getting serious about its privacy enforcement responsibilities, announcing that it has imposed big penalties on two medical centers that violated the Health Insurance Portability and Accountability Act (HIPAA). HHS imposed a fine of $4.3 million on Cignet Health Center for ignoring the requests of patients who wanted access to their medical records and then failing to cooperate with an investigation into the incident by HHS's Office of Civil Rights. And Mass General agreed to pay $1,000,000 to settle charges that it had violated the HIPAA Privacy Rule when an employee accidentally left on the subway documents containing protected health information of 192 patients.
© Copyright 2011 Steptoe & Johnson LLP