The penalty is the first civil monetary penalty issued by the HHS for a covered entity’s violations of the HIPAA privacy rule. In Oct. 2010, HHS’ Office for Civil Rights determined that Cignet had violated the rights of 41 patients by denying them access to their medical records when requested. The denials of records made up $1.3 million of the $4.3 million penalty.
OCR also found Cignet had failed to cooperate in the agency’s investigation, refusing to produce records in response to an OCR subpoena. This violation totaled $3 million of the total penalty.
“It seems like an incredibly high penalty,” says Scott Becker, JD, CPA, a partner at McGuireWoods. “We would infer that the OCR found the conduct to be unusually egregious,” says Mr. Becker.
Read the HHS release on Cignet Health.
Read more about HIPAA:
– Protecting Patient Data to Protect Your Hospital: A Guide
– 3 Changes to HIPAA in the Interim Rule and Best Practices for Maintaining Compliance
At the Becker’s 32nd Annual Meeting: The Business and Operations of ASCs, taking place October 29-31 in Chicago, ASC leaders, surgeons and healthcare executives will explore strategies to drive growth, enhance operational performance, navigate reimbursement challenges and prepare for the future of ambulatory surgery. Apply for complimentary registration now.
