HIPAA Resolution Agreements


In the most interesting settlement of the month, Aetna Life Insurance Company agreed to a US$1,000,000 settlement with OCR after three separate breaches in 2017. Aetna, a CVS Health Company, is one of the largest health insurers in the United States, as it sells both consumer-focused health plans and traditional health plans.

OCR's investigation showed that this incident constituted a violation of the standard requiring timely access to all medical documents requested by this person. This examination helped the patient to obtain all his records, just over a year after the first request. NY Spine must now follow this resolution, implement the corrective plan and be monitored for the next two years.

HHS then reviewed Athens Orthopedic, alleging in particular the following HIPAA violations: (i) the lack of an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of its ePHI; (ii) failure to implement sufficient hardware, software and procedural mechanisms to record and investigate activities in information systems containing or using ePHI; (iii) failure to conclude business associate agreements with three of its business associates; and (iv) failure to provide HIPAA training to all staff and to provide copies of HIPAA policies and procedures.

If anyone doubts HIPAA's enforcement, the Office for Civil Rights (OCR), which oversees HIPAA compliance, has made it clear over the past two weeks that it is serious. Through its recent announcements of resolution agreements and monetary settlements, OCR has made examples of eight covered entities and business associates of all kinds and sizes.

On September 21, 2020, OCR announced that the Athens Orthopedic Clinic PA (Athens) had agreed to pay $1.5 million to OCR and adopt a corrective plan to address possible violations of the HIPAA Privacy and Security Rules.
On June 26, 2016, a journalist informed Athens that a database containing Athens' medical records could be put up for sale online. On June 28, 2016, a hacker contacted Athens to demand money in exchange for a full copy of the stolen database. Athens found that the hacker had accessed the organization's electronic medical records system and exfiltrated patients' health data for more than a month. Athens filed a breach report informing OCR that 208,557 people had been affected by the breach.

OCR's investigation revealed long-standing systemic non-compliance by Athens with the HIPAA Privacy and Security Rules, including failures to conduct risk analysis, implement risk management and audit controls, comply with HIPAA policies and procedures, secure business associate agreements with multiple business associates, and provide HIPAA training for staff members.

He designs and negotiates complex contracts in the healthcare sector covering information technology (software licenses and professional service agreements), access provider agreements, data sharing agreements and business associate agreements. Jared's practice is to advise payers, hospitals and suppliers on compliance.

A resolution agreement is a settlement agreement signed by HHS and a covered entity or business associate, in which the covered entity or business associate undertakes to perform certain obligations and report to HHS, typically for a period of three years. . . .