Metropolitan Community Health Services has agreed to pay $25,000 to HHS' Office for Civil Rights to settle potential HIPAA violations, according to a July 23 news release.
MCHS is a federally qualified health center that provides various discounted medical services to underserved patients in North Carolina. It has agreed to the HIPAA settlement doing business as Washington, N.C.-based Agape Health Services.
In June 2011, Metro filed a breach report with the OCR stating that an unknown email account gained unauthorized access to the protected health information of 1,263 patients. After investigating the incident, OCR discovered "longstanding, systemic noncompliance with the HIPAA Security Rule," according to the news release. Metro did not conduct any risk analyses, did not implement any HIPAA Security Rule policies and procedures and did not provide staff members with security awareness training until 2016.
"Healthcare providers owe it to their patients to comply with the HIPAA Rules," OCR Director Roger Severino said. "When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals' health information."
In addition to the $25,000 settlement, Metro will also adopt a corrective action plan that includes two years of monitoring.