HHS collects millions in settlement costs resolving 5 breaches at a single entity

Waltham, Mass.-based Fresenius Medical Care North America will pay HHS' Office for Civil Rights $3.5 million to settle allegations it violated HIPAA rules in 2013. As part of the settlement, the organization also agreed to adopt a comprehensive corrective action plan.

FMCNA provides products and services to people with chronic kidney failure. The entity serves over 170,000 patients in its network of dialysis facilities, outpatient cardiac and vascular labs, and urgent care centers, as well as hospitalist and post-acute providers.

FMCNA filed five breach reports in January 2013 for separate incidents occurring between February 2012 and July 2012. The incidents, which compromised patients' electronic protected health information, each occurred at different FMCNA locations throughout the U.S.

HHS' OCR investigated the reports and found the five FMCNA covered entities failed to conduct an accurate risk analysis of potential risks and vulnerabilities to the confidentiality, integrity and availability of their ePHI.

"The number of breaches, involving a variety of locations and vulnerabilities, highlights why there is no substitute for an enterprise-wide risk analysis for a covered entity," said OCR Director Roger Severino. "Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients' health information in accordance with the law."


© Copyright ASC COMMUNICATIONS 2019.