Yesterday, OCR announced its $3.5 million settlement with Fresenius Medical Care Holdings (“Fresenius”) to resolve alleged HIPAA violations. While the large settlement figure alone is eye-catching, the underlying facts require the complete attention of HIPAA covered entities. OCR is sending a message about HIPAA Security Rule compliance.
Five Fresenius entities in five different states suffered five completely separate but relatively common breaches. Each breach involved stolen or missing equipment. No one breach involved records of more than 500 patients. In fact, combined, the total number of patients impacted was 521. As a reminder, the $5.5 million settlement this time last year with Memorial Health Care System involved the records of 115,143 individuals.