Via the Threatpost article “HIPAA Bares Its Teeth: $4.3m Fine For Privacy Violation“:
The health care industry’s toothless tiger finally bared its teeth, as the U.S. Department of Health and Human Services (HHS) issued a $4.3 m fine to a Maryland health care provider for violations of the HIPAA Privacy Rule. The action is the first monetary fine issued since the Act was passed in 1996.
A copy of a penalty notice against Cignet depicts a two-year effort in which HHS struggled with what appears to be a dysfunctional Maryland provider unaware of the potential impact of HIPAA non-compliance, and unwilling or unable to cooperate with HHS in any way.
When first reading the title I was willing to rail against HIPAA, as I’m tired of it. Then I read the post. Wow. It’s like a test case designed to see just how far you could push HHS, and frankly how incompetent you can be while pushing. Seems HHS was having trouble getting Cignet’s attention. I bet they have it now.
*This blog post was originally published at GruntDoc*