Most medical practices view Health Insurance Portability and Accountability Act (HIPAA) compliance as maintaining appropriate documentation regarding patient notices and consents, and controlling access to the Patient Health Information (PHI) within the office; that’s PRIVACY. Practices tend to forget the technology/security side of HIPAA, which requires maintaining, or reasonably attempting to maintain, secure Electronic Health Record (EHR)/IT systems; that’s SECURITY.
Athens Orthopedic Clinic PA agreed to pay $1.5 million in damages to settle potential violations of HIPAA after it self-reported a breach to the Office for Civil Rights (OCR), stating that approximately 208,000 patient files were affected by a hacker breach.
The OCR investigation revealed “long standing, systemic non-compliance with the HIPAA privacy and security rules”.
Remember that HIPAA requires both PRIVACY and SECURITY.
For additional information contact Mike Cassidy.