The U.S. Department of Health and Human Services has already assessed over $11 million in settlements of alleged HIPAA violations and penalties in 2017.
2017 saw the largest settlement to date, at $5.5 million. This resulted from a covered entity’s failure to terminate a former employee’s access to PHI after termination from the company. Another settlement of $2.2 million resulted from the theft of a USB devise containing PHI, and a settlement of $3.2 million resulted from the loss of an unencrypted phone and laptop.
HHS is actively pursuing HIPAA violations, as evidenced from the large settlements this year. Employers should make sure the personally identifiable information in their health plans is protected and they have HIPAA security policies in place to address potential issues.