Printer Friendly, PDF & Email

Under New Settlement, Ambulance Co. Pays OCR $65K, Must Quickly Encrypt Computers

In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging both a health care provider for late access to records—its second of this type—and an ambulance company—its first, but for common problems such as a lack of a security risk assessment.

In addition to 10 enforcement actions that collectively brought[1] OCR $12,270,00, 2019 was a noteworthy year beyond just those entities unlucky or unfortunate enough to feel the regulator’s sting. OCR also gave the health care community a gift of sorts when it determined[2] in May that it would slice the annual maximum fine of $1.5 million that it had been imposing for lower tier infractions, and would keep that amount for just the worst offenses falling into the “willful neglect” category.

On Dec. 12, OCR announced an $85,000 settlement with Korunda Medical LLC of Florida for what OCR said was the medical practice’s failure earlier in 2019 to adequately comply with a patient’s request for access to her medical records. Korunda also agreed to a one-year corrective action plan (CAP).[3]

The most recent settlement, and the last of 2019, was announced Dec. 30.

This document is only available to subscribers. Please log in or purchase access