Cignet Health in Temple Hills, Md., has been ordered to pay $4.3 million for violating the privacy rule of HIPAA, according to a news release from the Department of Health and Human Services.
The penalty is the first civil monetary penalty issued by the HHS for a covered entity’s violations of the HIPAA privacy rule. In Oct. 2010, HHS’ Office for Civil Rights determined that Cignet had violated the rights of 41 patients by denying them access to their medical records when requested. The denials of records made up $1.3 million of the $4.3 million penalty.
OCR also found Cignet had failed to cooperate in the agency’s investigation, refusing to produce records in response to an OCR subpoena. This violation totaled $3 million of the total penalty.
“It seems like an incredibly high penalty,” says Scott Becker, JD, CPA, a partner at McGuireWoods. “We would infer that the OCR found the conduct to be unusually egregious,” says Mr. Becker.
Read the HHS release on Cignet Health.
Read more about HIPAA:
– Protecting Patient Data to Protect Your Hospital: A Guide
– 3 Changes to HIPAA in the Interim Rule and Best Practices for Maintaining Compliance
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
