If HIPAA privacy regulations have slipped to the back of your mind in recent years, it's time to move them back to the forefront. Two separate entities are out millions of dollars after violating the privacy rules recently, and you can avoid a similar fate if you make sure you're following the law to the letter.

Massachusetts General Hospital agreed to pay $1 million to settle "potential violations" of HIPAA after its Infectious Disease Associates outpatient practice lost 192 patients' protected health information (PHI), HHS reports. The investigation was triggered after a patient complained that the practice lost his or her PHI. In addition, the practice lost billing encounter forms for 66 patients, which included patients' names, dates of birth, health insurance policy numbers, and diagnoses, HHS reveals in a Feb. 24 news release.

HHS separately imposed a $4.3 million civil monetary penalty against Cignet Health for HIPAA violations. Cignet is accused of refusing to give 41 patients access to their medical records, even though the HIPAA law requires that covered entities give patients a copy of their medical records within 30 days of a patient's request, a Feb. 22 HHS news release notes.