The U.S. Department of Health and Human Services levied more than $5 million in fines and penalties on a major hospital and a medical group for alleged violations of HIPAA.
The U.S. Department of Health and Human Services (HHS) levied more than $5 million in fines and penalties on a major hospital and a medical group for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA).
The HHS Office for Civil Rights, which enforces HIPAA privacy rules, imposed a $4.3 million civil penalty on Cignet Health of Prince George's County, Maryland, the first such penalty it has issued for patient privacy violations.
The investigation began after 41 patients complained that they were unable to get their medical records from the medical group. In a statement, HHS said Cignet refused to turn over the records or cooperate with its investigation, thus earning a $3 million penalty on top of the initial $1.3 million fine.
HHS began investigating Mass General after a patient complained in 2009 that the hospital lost her health information.