West Georgia Ambulance Inc fined USD 65k

On 30/Dec/2019, West Georgia Ambulance Inc received a privacy fine of USD 65,000. The enforcement authority (U.S. Department of Health and Human Services) has cited these legal provisions in imposing the fine on West Georgia Ambulance Inc: HIPAA/

Essentials

Date of enforcement action:
30/Dec/2019
Jurisdiction: Fine imposed:
United States Flag for United States, which is the jurisdiction taking enforcement action USD 65,000 (US$65,000)
Defendant company or entity: Industry segment:
West Georgia Ambulance Inc Medical /

Case summary

West Georgia Ambulance, Inc. (West Georgia), has agreed to pay $65,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. West Georgia is an ambulance company that provides emergency and non-emergency ambulance services in Carroll County, Georgia.

OCR began its investigation after West Georgia filed a breach report in 2013 concerning the loss of an unencrypted laptop containing the protected health information (PHI) of 500 individuals. OCR’s investigation uncovered long-standing noncompliance with the HIPAA Rules, including failures to conduct a risk analysis, provide a security awareness and training program, and implement HIPAA Security Rule policies and procedures. Despite OCR’s investigation and technical assistance, West Georgia did not take meaningful steps to address their systemic failures.

“The last thing patients being wheeled into the back of an ambulance should have to worry about is the privacy and security of their medical information,” said OCR Director Roger Severino. “All providers, large and small, need to take their HIPAA obligations seriously.”

In addition to the monetary settlement, West Georgia will undertake a corrective action plan that includes two years of monitoring

(U.S. Department of Health and Human Services, Official Release)

Applicable legal provisions

HIPAA /

Enforcement information

Enforcement authority: Type of enforcement action:
U.S. Department of Health and Human Services Flag for United States, which is the jurisdiction taking enforcement action Penalty notice
Subject to appeal?
No (fine agreed by settlement with regulator)

Cite this fine in your work

Data Privacy Fines Index. (2019-12-30 03:20) West Georgia Ambulance Inc fined USD 65k. dataprivacyfines.com. Retrieved from https://privacyfines.com/fine/west-georgia-ambulance-inc-fined-usd-65k/

Entry last updated: 2020-01-12 11:12 GMT.