
Michael A. Cassidy



Orthopedic Practice Pays $1.5 Million for HIPAA Damages

By Michael Cassidy

Most medical practices view Health Insurance Portability and Accountability Act (HIPAA) compliance as a matter of maintaining appropriate documentation regarding patient notices and consents, and controlling access to the Patient Health Information (PHI) within the office; that’s PRIVACY. Practices tend to forget the technology/security side of HIPAA, which requires maintaining, or reasonably attempting to maintain, secure Electronic Health Record (EHR)/IT systems; that’s SECURITY.


Athens Orthopedic Clinic PA agreed to pay $1.5 million in damages to settle potential violations of HIPAA after it self-reported a breach to the Office for Civil Rights (OCR), stating that approximately 208,000 patient files were affected by a hacker breach.

The OCR investigation revealed “long standing, systemic non-compliance with the HIPAA privacy and security rules”. 

Remember that HIPAA requires both PRIVACY and SECURITY.

For additional information contact Mike Cassidy.

September 28, 2020
