HIPAA Privacy, Security, and Breach Notification OCR Audit Program
Ambulance Company Pays $65,000 and issued Corporate Integrity Agreement to settle Allegations of HIPAA noncompliance.
According to Office of Civil Rights (OCR), West Georgia Ambulance, Inc. (West Georgia), has agreed to pay $65,000 to OCR for to and adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. West Georgia is an ambulance company that provides emergency and non-emergency ambulance services in Carroll County, Georgia.
In accordance with HIPAA Security Provision, OCR’s investigation uncovered long-standing noncompliance with the HIPAA Rules, including failures to conduct a risk analysis, provide a security awareness and training program, and implement HIPAA Security Rule policies and procedures. Despite OCR’s investigation and technical assistance, West Georgia did not take meaningful steps to address their systemic failures.
“The last thing patients being wheeled into the back of an ambulance should have to worry about is the privacy and security of their medical information,” said OCR Director Roger Severino. “All providers, large and small, need to take their HIPAA obligations seriously.”
In addition to the monetary settlement, West Georgia will undertake a corrective action plan that includes two years of monitoring. The resolution agreement and corrective action plan may be found at https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/westgeorgia/index.html.