Wednesday, January 16, 2019

What Are the Consequences of Violating HIPAA


Below is an outline of all HIPAA violation cases that have resulted in settlements with the Department of Health and Human Services' Office for Civil Rights (OCR), including cases pursued by OCR after potential HIPAA violations were found during data breach investigations and investigations of complaints submitted by patients and healthcare employees.


OCR has increased its enforcement activities in recent years, with more HIPAA violation cases resulting in financial penalties, including settlements and civil monetary penalties. So far in 2017, there have been nine financial penalties issued to resolve HIPAA violation cases. In 2016, a record year for enforcement of HIPAA Rules, there were 12 settlements and one civil monetary penalty issued to resolve HIPAA violation cases.


By increasing its enforcement activity, OCR is sending a message to all covered entities, large and small, that violations of HIPAA Rules will not go without serious consequences.


What are the Consequences of Violating HIPAA?


There are severe consequences for a HIPAA violation. It is important to note the fines when violations are a concern.

HIPAA violations are in the domain of the HHS Office for Civil Rights (OCR). Fines can be applied even if no breach of PHI has occurred. The financial penalty imposed depends on the level of negligence by the medical office and the level of breach that has occurred.

A HIPAA violation due to ignorance and not taking proper measures can lead to a fine of $100 - $50,000.

Even if you have exercised strict vigilance, a violation of HIPAA compliance may cost you a fine of $1,000 - $50,000.

A violation due to willful neglect which is corrected within thirty days will attract a fine of between $10,000 and $50,000.

A violation due to willful neglect which is not corrected within thirty days will attract the maximum fine of $50,000.

The penalties mentioned above are the fines which can be issued by the Office for Civil Rights. Attorneys General also have the power to issue fines in case of a PHI breach.

There is also the possibility of a civil lawsuit for damages incurred, which can lead to up to $1.5 million per violation.


Below are a few past HIPAA violation cases for review.


CardioNet – Impermissible Disclosure of PHI

A $2.5 million settlement has been agreed with CardioNet to resolve potential HIPAA violations. CardioNet is a Pennsylvania-based provider of remote mobile monitoring and QRF services to patients at risk for cardiac arrhythmias. Settlements have previously been agreed with healthcare providers, health plans, and business associates of covered entities, yet this is the first time OCR has settled potential HIPAA violations with a remote healthcare provider.


Metro Community Provider Network – Lack of Security Management Process

The Department of Health and Human Services’ Office for Civil Rights (OCR) has taken action against a Denver, CO-based federally-qualified health center (FQHC) for security management process failures that contributed to the organization experiencing a data breach in 2011. Metro Community Provider Network (MCPN) has agreed to pay OCR $400,000 and adopt a robust corrective action plan to resolve all HIPAA compliance issues identified during the OCR investigation. 


Children’s Medical Center of Dallas – Impermissible Disclosure of ePHI

The Department of Health and Human Services’ Office for Civil Rights has announced that Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. OCR attempted to resolve the matter via informal means from November 6, 2015, to August 30, 2016, before issuing a Notice of Proposed Determination on September 30, 2016.


Presence Health – Delayed Breach Notifications

Presence Health, one of the largest healthcare networks serving residents of Illinois, has agreed to pay OCR $475,000 to settle potential HIPAA Breach Notification Rule violations. Presence Health took three months to issue breach notifications, when the Breach Notification Rule requires notifications to be sent within 60 days of the discovery of a breach. 


St. Joseph Health – Noncompliance and Failure to Conduct Risk Analysis

ePHI was exposed as a direct result of the failure to conduct a complete risk analysis and a security assessment on a server before using it to share files containing ePHI. The server had been purchased and a file sharing application installed, yet no changes were made to the application. The default security settings were left in place, which allowed anyone with an Internet connection to access the ePHI in the files. St. Joseph Health has agreed to pay OCR $2,140,500.


Care New England Health System – Violation in Terms of Business Associate Agreement


The Department of Health and Human Services' Office for Civil Rights has announced it has reached a settlement with Care New England Health System (CNE) to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). CNE is required to pay a financial penalty of $400,000 and must adopt a comprehensive Corrective Action Plan (CAP) to address various areas of HIPAA noncompliance.


Oregon Health & Science University – Violation in Terms of Business Associate Agreement

Oregon Health and Science University (OHSU) has agreed to settle a case with the Department of Health and Human Services' Office for Civil Rights stemming from two data breaches experienced in 2013. A fine of $2.7 million will be paid by OHSU to settle alleged HIPAA violations without admission of liability. The security breaches occurred shortly after one another in 2013. Within the space of three months, the protected health information of more than 7,000 patients was exposed.




New York Presbyterian Hospital – Filming Patients Without Their Knowledge


The Department of Health and Human Services' Office for Civil Rights (OCR) has fined New York Presbyterian Hospital (NYP) $2.2 million for allowing patients to be filmed for a TV show without obtaining prior consent from the patients. An ABC crew was allowed to film inside NYP facilities for the show "NY Med" featuring Dr. Mehmet Oz. A number of patients were filmed, but consent had not been obtained.
