Puerto Rico Blue Cross Blue Shield licensee Triple S Management Corporation has consented to pay a HIPAA infringement penalty of $3.5 million to the Department of Health and Human Services’ Office for Civil Rights. This is the second HIPAA infringement fine to be declared in the space of seven days. The organization was at that point hit with a HIPAA infringement fine of $6.8 million by the Puerto Rico Health Insurance Administration for an inability to conform to the HIPAA’s Privacy Rule a year ago.
The PRHIA fine was issued following the mailing of a leaflet that showed the Medicare Health Insurance Claim Numbers of supporters.
Successive Breaches of the HIPAA Rules Result in Significant HIPAA Infraction Fine
The punishment was declared to Triple S Management Corporation, in the interest of its auxiliaries as a punishment for various information breaks that had been endured as an immediate consequence of HIPAA-consistence disappointments. The principal information break happened in 2010 and included the burglary of PHI of 475,000 people. Various representatives of Triple-S left the organization and began working for an adversary insurance agency.
OCR Investigators Notice Numerous ‘Potential’ HIPAA Infringements
Just like the case with Lahey Hospital and Medical Center, a precise and careful hazard appraisal had not been led. Cignet Health consented to pay a HIPAA infringement fine of $4.3 million to settle HIPAA Privacy Rule infringement. A year ago, New York-Presbyterian Hospital (NYPH) and Columbia University consented to settle claimed HIPAA infringement with OCR and paid $4.8 million. 69% of that fine was secured by NYPH.
Increase in Agreements Exhibit OCR is using a Harder Line on Non-Compliance
A colossal number of information ruptures have been endured by HIPAA-shrouded elements in the previous two years, yet authorization exercises have been rare. OCR was as of late reprimanded for its absence of authorization – not out of the blue – by the OIG, and an expansion in money related punishments are normal.
Two settlements in the space of seven days ought to send a reasonable message to secured elements that rebelliousness isn’t an alternative, and that OCR is taking a harder line on violators of HIPAA Rules.