Select Page

In early 2018, the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) cycled through multiple health privacy enforcement heads over a 4-month span. Despite this turnover, OCR tallied $28.7 million from its completed HIPAA enforcement actions in 2018 -an all-time record that easily surpassed the prior record of $23.5 million from 2016.

US HHS OCR set a record in dollar amount from enforcement actions in 2018

Everyone is fair game

And it’s not like OCR only targeted big fish, either. While Anthem ($16 million, record-setting settlement) is certainly was a big fish, OCR settled with Filefax, Inc., a bankrupt shredding company, for $100,000 and Allergy Associates of Hartford, a 3-physician practice, for $125,000.

While OCR successfully imposed enforcement action on 10 organizations, that does not account for the number of organizations that were investigated. Remember, even small practices and defunct business associates are fair game for OCR enforcement as we learned from 2018. Because of the potential for hefty penalties, an OCR investigation is one headache you would like to avoid, if possible.

Maintain a healthy compliance program

How can you stay out of OCR’s metaphorical jail cell (or even a literal jail cell)? A healthy, robust compliance program is the key. At Eagle Consulting Partners, we offer a wide variety of HIPAA compliance and risk management services, such as HIPAA Risk Assessments (or Risk Analyses), Risk Management retainers, and custom HIPAA policies and procedures. Click here to contact us!



Do NOT follow this link or you will be banned from the site!
Eagle Risk Assessment JumpStart

Use Eagle's Risk Assessment JumpStart to Protect Your Organization

Receive this four page guide to help you assess your security risk and begin taking the right steps to avoid penalties and cyber attacks.

You have Successfully Subscribed!

Pin It on Pinterest