Cignet Health is facing a $4.3 M civil penalty after violating the HIPAA Privacy Rule and failing to cooperative with HHS’s subsequent probe. This is the first civil money penalty for a violation of HIPAA.
Lessons Learned: The Feds mean business and there will be more fines and lawsuits and more embarrassing headlines for health care organizations that do not take compliance, risk assessments and incident management seriously. Is your organization meeting all HIPAA/HITECH compliance requirements? Do you have the necessary documentation in place to provide HHS with information in the event of an audit? Does your documentation help your organization demonstrate all appropriate employees and business associates were aware and accountable for making the right decisions in different situations?