The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has announced its first Health Insurance Portability and Accountability Act (HIPAA) settlement of
the year regarding the untimely reporting of a breach of unsecured protected health information (PHI). The OCR settlement is with Presence Health, an Illinois health care network with 150 locations, including 11 hospitals and 27 long-term care and senior living facilities. The settlement includes a $475,000 fine and a two-year corrective action plan that subjects Presence Health’s HIPAA compliance to close scrutiny by HHS. The settlement also provides a not so gentle reminder to make sure that breach notification reports are filed in a timely manner.
- First OCR Enforcement Action of 2017
- Failure to provide prompt notices to affected individuals, media outlets, and OCR
- Payment of $475,000
- The deadline for reporting 2016 breaches affecting fewer than 500 individuals is March 1.