In July, the HHS Office for Civil Rights (OCR) reached a $35,000 settlement with Agape Health Services, a federally qualified health center in rural Washington, North Carolina. In an exclusive interview, Clifton Gray III, the chief compliance officer for Agape, told RPP that OCR initially had proposed a fine of $400,000. Even at $35,000, the payment—accompanied by a two-year corrective action plan—was “devastating,” Gray said.
What so irked Gray was that OCR’s investigation was triggered by a small email breach that had happened 11 years earlier, and that the agency refused to base the settlement on Agape’s current state of compliance. OCR said Agape had been noncompliant until 2016.