L.A. Care Health Plan's HIPAA Settlement: Lessons for HR Professionals

Posted by BAS - 26 October, 2023

The U.S. Department of Health and Human Services' Office for Civil Rights (HHS) reached a settlement with L.A. Care Health Plan, resulting in a $1.3 million fine and the initiation of a corrective action plan. This settlement serves as a critical reminder of the importance of HIPAA compliance and risk management for HR professionals within the healthcare industry.

The settlement results from an incident in January 2014 when L.A. Care's payment portal exposed sensitive information, including member names, addresses, and identification numbers, to other members. While the breach was reported as a manual information processing error, the consequences were far-reaching. HHS began its investigation in January 2016 after an article highlighted the incident, not because L.A. Care or the affected individuals had notified it.

In January 2019, during the HHS investigation, a subsequent HIPAA breach occurred affecting approximately 1,500 members. This breach resulted from a mailing error. HHS cited several potential violations by L.A. Care, including the failure to conduct comprehensive risk assessments, implement necessary security measures, and establish proper procedures for monitoring and responding to security-related changes.

The corrective action plan, which will be monitored by HHS for three years, requires L.A. Care to address its deficiencies. It mandates thorough risk assessments, the identification and remediation of vulnerabilities in safeguarding electronic Protected Health Information (ePHI), ongoing monitoring and reporting of changes affecting ePHI security, and enhanced workforce awareness of data security policies.

This event highlights the importance of a robust HIPAA compliance program, especially for HR professionals overseeing healthcare organizations. It underscores the significance of continuous risk assessment, technical safeguards, and the need for a proactive approach to address compliance deficiencies.

The $1.3 million settlement serves as a stark reminder that HIPAA violations can have severe financial consequences and reputational harm. HR professionals should use this case as an opportunity to review and enhance their organizations' HIPAA compliance measures, ensuring that they are well-prepared to handle potential risks and compliance issues effectively.


Benefit Allocation Systems (BAS) provides best-in-class, online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.

MyEnroll360 can integrate with any insurance carrier for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and many others), and integrate with any payroll system for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and many others).

Topics: HIPAA, MyEnroll360 Security, Technology News, Cybersecurity

