Healthcare News & Insights

One dumb move nets first civil HIPAA fine


The feds have issued the first civil fine for a HIPAA violation — and it’s a doozy.

Cignet Health has been ordered to pay $4.3 million by the Dept. of Health and Human Services for violating the privacy act and failing to cooperate during the investigation that followed.

According to the feds, Cignet violated the rights of 41 patients after it failed to provide them with medical records when requested. The requests took place between Sept. 2008 and Oct. 2009. HIPAA requires  records to be made available to patients within 60 days of a request.

Adding fuel to the fire, Cignet failed to respond to investigators’ requests when they were reviewing the matter — even after a subpoena had been issued. Only after 13 months did the company finally provide the requested documents. The bulk of the penalty, $3 million, is explicitly due to the company’s failure to cooperate with the investigation.

Ironically, when Cignet eventually turned over the requested records, it included medical records for approximately 4,500 other patients who had no connection to the probe.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.