05.16.2018 Back to News

HIPAA Alert: It is Not the Size of the Breach that Matters

It's not the size that matters...

The first HIPAA settlement of 2018 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR). Fresenius Medical Care North America (FMCNA) has agreed to pay OCR $3.5 million to resolve multiple potential HIPAA violations that contributed to five separate data breaches in 2012.

All of the five breaches resulted in the exposure of relatively few patients’ PHI. No breach involved more than 235 records, and three of the breaches exposed fewer than 50 records.

The settlement shows that while the scale of the breach is considered when deciding on an appropriate financial penalty, it is the severity and the extent of non-compliance that is likely to see financial penalties pursued.

The settlement also clearly shows that OCR does investigate smaller breaches and will do so when breaches suggest HIPAA Rules have been violated.

If you have any questions about HIPAA, or for any suspected HIPPA breach, please immediately call HIPAA Privacy Officer Zorana Vojnovic at (402) 354-6863 or zorana.vojnovic@nmhs.org.