Case Examples and Resolution Agreements
These examples show how covered entities can effectively comply with the requirements of the Privacy and Security Rules. Periodically, we update this page with case examples of the corrective actions that OCR obtains from covered entities through our enforcement efforts.
Resolution Agreements and Civil Money Penalties -A resolution agreement is a contract signed by HHS and a covered entity in which the covered entity agrees to perform certain obligations (e.g., staff training) and make reports to HHS, generally for a period of three years. During the period, HHS monitors the covered entity’s compliance with its obligations. A resolution agreement likely would include the payment of a resolution amount. These agreements are reserved to settle investigations with more serious outcomes. When HHS has not been able to reach a satisfactory resolution through the covered entity’s demonstrated compliance or corrective action through other informal means, civil money penalties (CMPs) may be imposed for noncompliance against a covered entity. To date, HHS has entered into ten resolution agreements and issued CMPs to one covered entity.
- Massachusetts Provider Settles HIPAA Case for $1.5 Million – September 17, 2012
Alaska DHSS Settles HIPAA Security Case for $1,700,000 – June 26, 2012
HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards --April 13, 2012
HHS settles HIPAA case with BCBST for $1.5 million --March 13, 2012
Resolution Agreement with the University of California at Los Angeles Health System --July 6, 2011
Resolution Agreement with General Hospital Corp. & Massachusetts General Physicians Organization, Inc.--February 14, 2011
Civil Money Penalty issued to Cignet Health of Prince George's County, MD--February 4, 2011
Resolution Agreement with Management Services Organization Washington, Inc.--December 13, 2010
Resolution Agreement with Rite Aid Corporation--July 27, 2010
Resolution Agreement with CVS Pharmacy, Inc.--January 16, 2009
Resolution Agreement with Providence Health & Services--July 16, 2008