Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Healthcare provider pays $25,000 to OCR over alleged HIPAA Security Rule violations

The U.S. Department of Health & Human Services ('HHS') announced, on 23 July 2020, that Metropolitan Community Health Services ('MCHS'), operating as Agape Health Services, has agreed to pay $25,000 to the Office for Civil Rights ('OCR') at the HHS to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 ('HIPAA') Security Rule. In particular, the HHS highlighted that the OCR's investigation into MCHS's breach report of 9 June 2011 revealed longstanding and systemic non-compliance with the HIPAA Security Rule and that MCHS had not provided workforce members with security awareness training till 2016. In addition, the HHS outlined that, as part of the monetary settlement, the resolution agreement states that MCHS will undergo a corrective action plan which will include two years of monitoring.

You can read the press release here and the resolution agreement and corrective action plan here.

Feedback