The company, based in Prince George's County, MD, got hit in February with OCR's first civil money penalty for violations of the HIPAA Privacy Rule-a $4.3 million tab that included $3 million for failing to cooperate with the agency's investigation. OCR determined Cignet acted with "willful neglect" and did not take action to correct the violations, which allowed the agency to impose the highest level of fines based on its tiered penalty structure.
HHS' OCR in February began using the new fine structure mandated by HITECH and handed one of the country's most prestigious hospitals, Massachusetts General Hospital (MGH) in Boston, a $1 million penalty for a breach violation.
When President Obama signed into law the HITECH Act as part of ARRA in February 2009, it meant a bevy of changes to the existing HIPAA Privacy, Security, and Enforcement Rules.
There are some Joint Commission EPs with which almost all hospital HIM departments struggle. Surveyors continue to focus on them, so chances are you should too.
Efforts to educate medical staff members on Medicare or other payer policies can be like herding cats. However, it is necessary to ensure compliance. The case management department cannot improve level of care decisions without cooperation from medical staff members.
