Security News > 2020 > January > Ambulance Company Slapped With HIPAA Fine

Ambulance Company Slapped With HIPAA Fine
2020-01-02 20:18

Federal regulators have smacked a Georgia-based ambulance company with a $65,000 financial settlement and corrective action plan in a case involving "Longstanding" HIPAA compliance issues.

OCR's says its investigation "Uncovered longstanding noncompliance" with the HIPAA rules, including failures to conduct a risk analysis, provide a security awareness and training program and implement HIPAA Security Rule policies and procedures.

"Even if an entity does not end up paying a settlement amount or a civil money penalty, the investment of resources over time in responding to OCR data requests and in ensuring updated compliance efforts can be significant," says Peters, a former senior enforcement leader at OCR. "Entities are well served by doing the best they can with regard to HIPAA compliance before an OCR investigation, or at the beginning of the investigation, such that any investigation can be resolved quickly."

Healthcare organizations need to remember that "Encryption is key to risk avoidance by HIPAA covered entities and business associates, given that encryption to National Institute of Standards and Technology standards is a safe harbor under the HIPAA Breach Notification Rule," Peters notes.

The settlement with West Georgia Ambulance, announced Monday but completed last year, was OCR's ninth HIPAA enforcement action in 2019.


News URL

https://www.inforisktoday.com/ambulance-company-slapped-hipaa-fine-a-13572