Health Information Compliance Alert

If your HIPAA compliance isn’t in line and the HHS Office for Civil Rights (OCR) looks into your practices, you should anticipate trouble.

That’s what happened to Georgia-based Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate) after OCR initiated a review of its HIPAA Privacy and Security Rule compliance in 2017. “OCR’s investigation found systemic noncompliance with the HIPAA Security Rule, including failures to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures,” notes a release on the case.

Peachstate agreed to pay $25,000 to settle the issue and entered into a corrective action plan (CAP), which includes 3 years of OCR monitoring.

See the settlement specifics at www.hhs.gov/about/news/2021/05/25/clinical-laboratory-pays-25000-settle-potential-hipaa-security-rule-violations.html.