Support Centre

USA: Healthcare provider pays $25,000 to OCR over alleged HIPAA Security Rule violations

The U.S. Department of Health & Human Services ('HHS') announced, on 23 July 2020, that Metropolitan Community Health Services ('MCHS'), operating as Agape Health Services, has agreed to pay $25,000 to the Office for Civil Rights ('OCR') at the HHS to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 ('HIPAA') Security Rule. In particular, the HHS highlighted that the OCR's investigation into MCHS's breach report of 9 June 2011 revealed longstanding and systemic non-compliance with the HIPAA Security Rule and that MCHS had not provided workforce members with security awareness training till 2016. In addition, the HHS outlined that, as part of the monetary settlement, the resolution agreement states that MCHS will undergo a corrective action plan which will include two years of monitoring.

You can read the press release here and the resolution agreement and corrective action plan here.