West Georgia ambulance pays $65K fine to settle HIPAA violations

Featured image

Share this article

Emergency hospital building where ambulances escort patients

West Georgia Ambulance was required to resolve several HIPAA violations with a $65,000 civil monetary settlement paid to the Department of Health and Human Services (HHS), along with the implementation of a corrective action plan.  

Ongoing HIPAA noncompliance 

The ambulance company serves Carroll County, Georgia. In 2013, West Georgia filed a breach report with the Office of Civil Rights (OCR) over the loss of an unencrypted laptop that contained patient data.  

The ensuing investigation uncovered many long-term HIPAA noncompliance issues, including: 

  • Failing to conduct a thorough risk analysis of the vulnerability of its electronic protected health information (ePHI) 
  • Not providing its workforce with security awareness and training
  • Not implementing HIPAA Security Rule policies and procedures

Technical assistance was provided to West Georgia to rectify these issues but the covered entity did not take important steps to fix their system-wide failures.

“The last thing patients being wheeled into the back of an ambulance should have to worry about is the privacy and security of their medical information,” said OCR Director Roger Severino. “All providers, large and small, need to take their HIPAA obligations seriously.” 

See also: HIPAA Compliant Email: The Definitive Guide

Civil monetary penalty and corrective action

Along with the civil monetary penalty, West Georgia must also take corrective action to improve its risk analysis, security training, HIPAA policies, and business associate agreements. Within 30 days, the covered entity is required to send OCR its plans for HIPAA compliant risk analysis. 

West Georgia will also have to revise and submit its security training materials to HHS for approval. Plus, the covered entity must install HIPAA compliant encryption software on its computers and review all third-party service providers to ensure compliance. 

Conclusion

OCR is giving greater scrutiny to small breaches and cracked down on potential HIPAA violations throughout 2019. HIPAA violations that started years ago can still result in fines for earlier noncompliance once investigated. Over $12 million was paid to OCR last year to address noncompliance issues.   

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Rick Kuwahara

Rick Kuwahara is COO and Chief Compliancy Officer for Paubox.

Read more by Rick Kuwahara

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022