Office for Civil Rights Imposes $239,800 HIPAA Penalty

The Office for Civil Rights (OCR) recently imposed a $239,800 civil money penalty on Lincare for violations of the Health Insurance Portability and Accountability Act (HIPAA). Lincare, a provider of in-home and center-based respiratory therapy services and related equipment, challenged the fine and appealed the case to a Health & Human Services Administrative Law Judge (ALJ). However, the ALJ agreed with OCR’s contentions, granting the agency’s motion for summary judgment and sustaining the penalty.

The case stemmed from a December 2008 complaint received by OCR from the estranged husband of a Lincare employee. The complaint alleged that, in the couple’s shared home and vehicle, the employee stored – and later abandoned – unsecured paper documents containing the protected health information (PHI) of 278 Lincare patients. OCR’s ensuing investigation found that Lincare failed to implement HIPAA-required policies and procedures to effectively instruct their employees how to secure PHI on and off of company premises. The civil money penalty amount accounted for this violation, as well as Lincare’s failure to safeguard the PHI that was impermissibly disclosed to the complainant.

TIP: OCR is continuing to ramp up its enforcement measures ahead of its upcoming HIPAA audit program. Companies that qualify as covered entities and business associates should begin proactively reviewing their HIPAA programs to ensure compliance with the regulations.