Corporate Compliance

HHS imposes first CMP for a HIPAA violation, Cignet will pay $4.3M

Compliance Monitor, March 2, 2011

The HHS Office for Civil Rights (OCR) imposed a civil money penalty (CMP) of $4.3 million to Cignet Health, of Prince George’s County, MD, (Cignet) for violating the HIPAA Privacy Rule, according to a HHS press release. This is the first time the department has issued a CMP for a covered entity’s violations of the HIPAA Privacy Rule.

According to the OCR, Cignet denied 41 patients access to their medical records when requested between September 2008 and October 2009. The HIPAA Privacy Rule requires that a covered entity provide a patient with a copy of his or her medical records within 30 (and no later than 60) days of the patient’s request. Cignet will pay $1.3 for those violations.

Cignet will pay an additional $3 million for failing to cooperate with the OCR investigation. According to the OCR, Cignet refused to produce records requested by the OCR. The OCR tried to subpoena the records, but Cignet failed to cooperate with that as well. OCR filed a petition to enforce its subpoena in United States District Court and obtained a default judgment against Cignet, after which Cignet produced the medical records to OCR. According to OCR, Cignet’s failure to cooperate was due to its willful neglect to comply with the Privacy Rule.

Most Popular