OCR HIPAA enforcement continues during pandemic

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ (OCR) HIPAA enforcement continues during the pandemic.

This year, OCR has already settled with three covered entities (CEs) following investigations into their reported breaches.

Such settlements remind healthcare organizations of the importance of HIPAA compliance and strong cybersecurity even during health crises.

What is HIPAA?

HIPAA is U.S. legislation created to improve health coverage standards and combat abuse related to protected health information (PHI).

Most commonly associated with HIPAA are Title II and its significant provisions:

CEs and their business associates (BAs) are HIPAA compliant if they make a concerted effort to protect PHI from a breach.

And while a breach does not always result in a HIPAA violation penalty, any breach that affects more than 500 people must be reported to OCR for investigation, and it will be published on HHS’ Breach Portal, aka the “wall of shame.”

OCR then decides whether the CE is at fault, as happened in the three cases settled this year.

Recent OCR settlements

Fees for the three recently settled cases—Steven A. Porter, M.D., Metropolitan Community Health Services, and Lifespan Health System Affiliated Covered Entity—total almost $1.2 million.

| | Porter, M.D. | Metro | Lifespan |
|---|---|---|---|
| Date breach filed | 2013 | 2011 | 2017 |
| Date settled in 2020 | March 3 | July 23 | July 27 |
| Fee | $100,000 | $25,000 | $1.04 million |
| Misc. penalty | Corrective plan | Corrective plan | Corrective plan |
| # affected individuals | 500 | 1,263 | 20,431 |
| Type of breach | Improper disposal | Phishing | Theft of laptop |
| Why a violation | No risk analysis conducted; failed to implement security measures | No risk analysis conducted; did not adhere to Security Rule; did not provide training until 2016 | Failure to encrypt; lack of media/device controls; absence of a business associate agreement (BAA) |

In general, OCR focused on the lack of security as related to:

Each CE could have avoided the violation by implementing security measures, if not from the beginning, then as soon as their problem was discovered.

According to OCR Director Roger Severino, “Providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information.”

Accountability and security

Without enforcement, compliance may not be a top priority, especially during a pandemic; accountability ensures strong cybersecurity.

And as stated by HHS in the past, HIPAA and compliance reviews are never suspended.

OCR recently modified certain rules around the use of telehealth, COVID-19 testing sites, and communication, but HIPAA compliance is still necessary, especially as safety concerns grow with increased remote working, telehealth, and telecommunication.

Emphasis must be on strong procedures and policies, employee awareness training, and solid email security (i.e., HIPAA compliant email).

Paubox Email Suite encrypts all emails sent from a customer’s existing email platform. Emails are delivered directly to a patient’s inbox with no extra steps or passwords required.

Paubox Email Suite is perfect for helping CEs avoid a HIPAA violation when protection is needed the most.

About the author

Kapua Iao
