
Cignet Health Fined $4.3M for HIPAA Violations

By John Commins | February 23, 2011

Maryland-based Cignet Health has been slapped with a $4.3 million fine for its refusal to provide patients with copies of their health records, and for willfully failing to cooperate with the federal government's attempts to resolve the complaint, the Department of Health and Human Services announced Tuesday.  

HHS's Office for Civil Rights said the fine is the first such "civil money penalty" imposed for violations of the Privacy Rule of the Health Insurance Portability and Accountability Act.

Calls to Mitchellville, MD-based Cignet on Tuesday afternoon were not immediately returned.

HHS's Office for Civil Rights said Cignet violated 41 patients' rights by denying them access to their medical records when requested between September 2008 and October 2009. The patients complained to OCR alleging that Cignet was violating the HIPAA rule that requires "covered entities" to provide patients with copies of their medical records within 30 days -- and no later than 60 days -- of the request, HHS said.

The civil money penalty for the violations was $1.3 million.

During the investigations, however, Cignet allegedly ignored OCR's demands to produce the records. A federal court issued a default judgment against Cignet on March 30, 2010. On April 7, 2010, Cignet gave the medical records to OCR, allegedly with no efforts to resolve the complaints through "informal means." OCR alleged that Cignet also failed to cooperate with the investigation from March 17, 2009, to April 7, 2010, indicating "Cignet's willful neglect to comply with the Privacy Rule." The failure to cooperate with OCR added $3 million to the civil money payment, HHS said.

"Covered entities and business associates must uphold their responsibility to provide patients with access to their medical records, and adhere closely to all of HIPAA's requirements," said OCR Director Georgina Verdugo. "The U.S. Department of Health and Human Services will continue to investigate and take action against those organizations that knowingly disregard their obligations under these rules."

The civil money penalty is based on the violation categories and increased penalty amounts authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

 

John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.
