Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements

The Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed to pay $25,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS). They have also agreed to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Metro is a Federally Qualified Health Center that provides a variety of discounted medical services to the underserved population in rural North Carolina and these facts were taken into account when reaching this agreement.

On June 9, 2011, Metro filed a breach report regarding the impermissible disclosure of protected health information to an unknown email account.  This breach affected 1,263 patients.  The OCR’s investigation revealed longstanding, systemic noncompliance with the HIPAA Security Rule.  Specifically, Metro failed to conduct any risk analyses, and failed to implement any HIPAA Security Rule policies and procedures. Metro had also neglected to provide workforce members with security awareness training until 2016.

“Health care providers owe it to their patients to comply with the HIPAA Rules.  When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information,” said Roger Severino, OCR Director.

In addition to the monetary settlement, Metro will undertake a corrective action plan that includes two years of monitoring. The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/sites/default/files/metro-signed-agreement.pdf.

Adjusting to the HIPAA guidelines doesn’t need to be a hassle. Here at databrackets, our expert security team can help you get security awareness training for your employees, as well as a thorough and cost-effective risk analysis so that you won’t have to worry about a thing. Schedule a consultation with us or request a quote today!

The following two tabs change content below.
Our mission is to assist organizations in developing and implementing practices to secure data and comply with regulations. With several years of experience in the IT and health care industries, databrackets is poised to meet the needs of your organization via: - Consulting Services - Online, Do-it-yourself Toolkits for Security Risk Assessment - Education (Training, Webinar, and Workshops) For details on how databrackets can provide customized assistance for your organization, please contact us at info@databrackets.com.

Leave a Reply