Fresenius Medical pays $4m to settle HIPAA violations

Fresenius Medical Care (NYSE:FMS; ETR:FRE) has agreed to pay $3.5 million to the US Department of Health and Human Services Office for Civil Rights to settle five breaches of the Health Insurance Portability and Accountability Act Privacy and Security Rules. Fresenius reportedly submitted five separate breach reports on Jan. 23, 2013, for separate incidents between Feb. 23, 2012 and July 18, 2012 that implicated electronic protected health information (ePHI) of five of Fresenius’ covered entities.

The locations of the breaches were the Jacksonville, Fla.-based Fresenius Medical Care Duval Facility; the Semmes, Ala.-based Fresenius Medical Care Magnolia Grove; the Maricopa, Ariz.-based Fresenius Medical Care Ak-Chin; Fresenius Vascular Care Augusta; and Fresenius Medical Care Blue Island Dialysis.

An investigation carried out by the Office for Civil Rights revealed that Fresenius’ covered entities “failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all its ePHI,” according to the HHS release. This included the impermissible disclosure of ePHI of patients through unauthorized access, and a failure to implement policies to address certain security incidents. The settlement also includes the adoption of a comprehensive corrective action plan which requires the Fresenius entities to complete a risk analysis and risk management plan and revised policies and procedures on de...
Source: Mass Device | Category: Medical Devices | Tags: Business/Financial News, Regulatory/Compliance, Fresenius | Source Type: news