If your HIPAA compliance isn’t in line and the HHS Office for Civil Rights (OCR) looks into your practices, you should anticipate trouble. That’s what happened to Georgia-based Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate) after OCR initiated a review of its HIPAA Privacy and Security Rule compliance in 2017. “OCR’s investigation found systemic noncompliance with the HIPAA Security Rule, including failures to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures,” notes a release on the case. Peachstate agreed to pay $25,000 to settle the issue and entered into a corrective action plan (CAP), which includes 3 years of OCR monitoring. See the settlement specifics at www.hhs.gov/about/news/2021/05/25/clinical-laboratory-pays-25000-settle-potential-hipaa-security-rule-violations.html.