Government and Provider Enter Into First-Ever HIPAA Privacy and Security Resolution Agreement

Written by Reed Tinsley | September 19, 2008

The HHS entered into a resolution agreement with Providence Health & Services (Providence) to settle potential violations of the HIPAA privacy and security rules. Pursuant to the resolution agreement, Providence agreed to pay the government $100,000, and develop and implement a Corrective Action Plan to ensure that it appropriately safeguards electronic patient information. This marks the first time that HHS has entered into a resolution agreement with a covered entity for possible violations of HIPAA, as no violations were admitted. The agreement stems from lost and stolen backup tapes, disks and laptops that contained the health information of approximately 400,000 patients. HHS had received more than 30 complaints about the missing tapes and laptops. Although the government has not been overly aggressive in enforcing HIPAA violations, this agreement shows that the federal government will step up HIPAA enforcement in cases in which unauthorized disclosure involves multiple patients and where HHS receives many complaints about the same incident. To view the settlement agreement, go here:

http://www.hhs.gov/ocr/privacy/enforcement/agreement.pdf

 

About the Author

Reed Tinsley CPA

This article is written by Reed Tinsley, a Houston, TX-based CPA with over 30 years of experience advising physicians and medical practices across Texas and the United States. Reed holds certifications as a Certified Valuation Analyst (CVA), Certified Healthcare Business Consultant (CHBC), and Certified Financial Planner (CFP), specializing exclusively in the healthcare sector. He is a published author, nationally recognized speaker, and trusted advisor to physicians on accounting & tax, practice management, and financial planning. Schedule a Free Consultation.

Have questions? I’m here to help.