“It is true I’d rather get a hole in one than win an Academy Award.”
– Malcolm McDowell
According to its website, the Office of Civil Rights (OCR), which is part of the United States Department of Health and Human Services, “enforces federal civil rights laws, conscience and religious freedom laws, the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule, which together protect your fundamental rights of nondiscrimination, conscience, religious freedom, and health information privacy.” In 2018, the OCR awarded (and collected) the most penalties for HIPAA violations in the history of the agency: $28.7 million, an increase of 22% over 2017.
Anthem Inc. led the way with its $16 million payment for allowing cyber thieves to steal electronic personal health information from millions of employees. MD Anderson Cancer Center, Cottage Health, and Fresenius Medical Care North America also paid in the millions for their HIPAA violations. No company is immune from OCR fines if it is dealing with employees’ health information.
If you do not have proper HR and payroll procedures in place or if you do not have the appropriate risk management when it comes to cyber attacks, contact a BenefitCorp consultant here. There are resources and strategies that will protect your business and your employees from these types of problems.