Cignet Health in Temple Hills, Md., has been ordered to pay $4.3 million for violating the privacy rule of HIPAA, according to a news release from the Department of Health and Human Services.
The penalty is the first civil monetary penalty issued by the HHS for a covered entity’s violations of the HIPAA privacy rule. In Oct. 2010, HHS’ Office for Civil Rights determined that Cignet had violated the rights of 41 patients by denying them access to their medical records when requested. The denials of records made up $1.3 million of the $4.3 million penalty.
OCR also found Cignet had failed to cooperate in the agency’s investigation, refusing to produce records in response to an OCR subpoena. This violation totaled $3 million of the total penalty.
“It seems like an incredibly high penalty,” says Scott Becker, JD, CPA, a partner at McGuireWoods. “We would infer that the OCR found the conduct to be unusually egregious,” says Mr. Becker.
Read the HHS release on Cignet Health.
Read more about HIPAA:
– Protecting Patient Data to Protect Your Hospital: A Guide
– 3 Changes to HIPAA in the Interim Rule and Best Practices for Maintaining Compliance
