1 min read

West Georgia ambulance pays $65K fine to settle HIPAA violations

Rick Kuwahara January 3, 2020

Healthcare cybersecurity news
Emergency room sign on brick building
West Georgia Ambulance was required to resolve several HIPAA violations with a $65,000 civil monetary settlement paid to the Department of Health and Human Services (HHS), along with the implementation of a corrective action plan.  

Ongoing HIPAA noncompliance

 

The ambulance company serves Carroll County, Georgia. In 2013, West Georgia filed a breach report with the Office of Civil Rights (OCR) over the loss of an unencrypted laptop that contained patient data.   The ensuing investigation uncovered many long-term HIPAA noncompliance issues, including: 
  • Failing to conduct a thorough risk analysis of the vulnerability of its electronic protected health information (ePHI) 
  • Not providing its workforce with security awareness and training
  • Not implementing HIPAA Security Rule policies and procedures

 

Technical assistance was provided to West Georgia to rectify these issues but the covered entity did not take important steps to fix their system-wide failures. “The last thing patients being wheeled into the back of an ambulance should have to worry about is the privacy and security of their medical information,” said OCR Director Roger Severino. “All providers, large and small, need to take their HIPAA obligations seriously.”  See also: HIPAA Compliant Email: The Definitive Guide

 

Civil monetary penalty and corrective action

Along with the civil monetary penalty, West Georgia must also take corrective action to improve its risk analysis, security training, HIPAA policies, and business associate agreements. Within 30 days, the covered entity is required to send OCR its plans for HIPAA compliant risk analysis.  West Georgia will also have to revise and submit its security training materials to HHS for approval. Plus, the covered entity must install HIPAA compliant encryption software on its computers and review all third-party service providers to ensure compliance. 

 

Conclusion

OCR is giving greater scrutiny to small breaches and cracked down on potential HIPAA violations throughout 2019. HIPAA violations that started years ago can still result in fines for earlier noncompliance once investigated. Over $12 million was paid to OCR last year to address noncompliance issues.   

 

Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Doctor reviewing medical records with patient

Healthcare provider pays hefty settlement for HIPAA noncompliance

Picture of Kapua Iao Kapua Iao : March 9, 2020

Last week, the Office for Civil Rights (OCR) released a statement regarding its settlement with the practice of Steven A. Porter, M.D. (the Practice)...

HIPAA compliance
Read More
Paubox HIPAA Breach Report logo

Lifespan health system pays over $1M for HIPAA breach

Chloe Bowen : July 27, 2020

On April 21, 2017, Lifespan Corporation filed a breach report with the Office for Civil Rights ( OCR) at the U.S. Department of Health and Human...

Healthcare cybersecurity news
Read More
Image of a stack of paper with a magnifying glass on top.

What is an OCR Risk Analysis Initiative?

Picture of Tshedimoso Makhene Tshedimoso Makhene : June 27, 2025

The OCR Risk Analysis Initiative refers to the efforts led by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) to...

HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.