When President Obama signed into law the HITECH Act as part of ARRA in February 2009, it meant a bevy of changes to the existing HIPAA Privacy, Security, and Enforcement Rules.
The company, based in Prince George's County, MD, got hit in February with OCR's first civil money penalty for violations of the HIPAA Privacy Rule-a $4.3 million tab that included $3 million for failing to cooperate with the agency's investigation. OCR determined Cignet acted with "willful neglect" and did not take action to correct the violations, which allowed the agency to impose the highest level of fines based on its tiered penalty structure.
