Here’s a list of the top 12 fines levied by OCR and the violations that precipitated the actions.
12 largest fines levied for HIPAA violations
Advocate Health Care
Action announced: August 4, 2016
In 2013, Advocate submitted three breach notification reports involving separate incidents within its Advocate Medical Group subsidiary and affecting about 4 million individuals. OCR found substantial deficiencies in how Advocate conducted risk assessments of electronic protected health information (ePHI); how it implemented policies, procedures and facility access controls to limit access to electronic health records; how it oversaw the safeguarding of ePHI by business associates; and how it safeguarded an unencrypted laptop left in an unlocked vehicle overnight.
Advocate Health Care response: Advocate released the following statement on the agreement with OCR: “Protecting the privacy and confidentiality of our patients while delivering the highest level of care and service are our top priorities. As all industries deal with the ever-evolving digital landscape and the impact it has on security, we’ve enhanced our data encryption measures to prevent this type of incident from reoccurring. While there continues to be no indication that the information was misused, we deeply regret any inconvenience this incident has caused our patients. We continue to cooperate fully with the government to advance our patient privacy protection efforts.”