Articles and Speeches
What Every Compliance Officer Should Learn From the Recent HIPAA Enforcement Actions
June 14, 2011
R. Ross Burris, III
On February 22, 2011, the U.S. Department of Health and Human Services (HHS) announced that the Office for Civil Rights (OCR) imposed a civil monetary penalty (CMP) of $4.3 million against Cignet Health (Cignet) for the covered entity’s violations of the Privacy Rule promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).1 Two days later, on February 24, 2011, HHS announced a settlement agreement and corrective action plan entered into with Massachusetts General Hospital (Mass General) in the amount of $1 million more than purported HIPAA violations.