OCR Levies Second-Biggest Health Insurance Portability and Accountability Act (HIPAA) Fine Ever

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that an insurance company based in Puerto Rico will pay the second-largest HIPAA settlement in the history of enforcement of the law. Triple-S Management Corporation agreed to pay $3.5 million and implement a rigorous HIPAA compliance program after an OCR investigation found multiple HIPAA violations. The settlement amount is close to the largest HIPAA fine ever assessed by OCR: the $4.8 million that New York Presbyterian Hospital and Columbia University were fined in 2014 following a PHI breach.

The resolution agreement explains the HIPAA violations and the actions Triple-S must take going forward. Triple-S failed to put business associate agreements in place with outside vendors, failed to protect paper and electronic PHI, failed to conduct a risk analysis regarding electronic PHI, and failed to ensure that the minimum necessary amount of PHI was disclosed to carry out business operations. These failures led to multiple breaches of PHI, including an incident where former Triple-S employees working for a competitor were able to access Triple-S’s database because Triple-S never terminated the employees’ access, an incident in which a former employee burned PHI onto a CD and gave the PHI to a competitor, and multiple incidents in which a business associate breached PHI by printing PHI on the outside of paper mailings sent to members. The required HIPAA compliance program must include risk analysis, policies and procedures, and HIPAA training for all employees and business associates.

Covered entities should ensure that all business associates are covered by appropriate legal agreements and that business associates are working in compliance with HIPAA. OCR has indicated that HIPAA audits of both covered entities and business associates are coming in 2016.

About The Boon Group

The Boon Group® is a full service employee benefits company specializing in the design, implementation and administration of cost-effective fringe benefit plans for federal, state and local government contractors. Since 1982, The Boon Group has developed a partnership philosophy that expands beyond the products and services we offer. We stand with the employers and employees who, just like all who work at The Boon Group, are faced with the daunting task of navigating the U.S. healthcare system. Together, we can find a better way for all Americans to access healthcare. The Boon Group, Inc. is the parent holding company of The Boon Insurance Agency, Inc., Boon Administrative Services, Inc. (formerly named CEBA), Boon Insurance Management Services, L.P., Health & Welfare Benefit Systems, Inc. and Boon Investment Group, Inc. The Boon Group was formed to support and strengthen the position of these companies as a wholesaler of exclusive products and services. www.boongroup.com