Clinical laboratory pays $25,000 to settle potential HIPAA violations
Peachstate Health Management, doing business as AEON Clinical Laboratories (Peachstate), has agreed to pay $25,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, according to a news release from HHS.
Peachstate is based in Gainesville, GA, and is certified under the Clinical Laboratory Improvement Amendments of 1988 (CLIA). Peachstate provides diagnostic and laboratory-developed tests, including clinical and genetic testing services.
OCR said it initiated a compliance review of Peachstate in December 2017 to determine its compliance with the HIPAA Privacy and Security Rules. The investigation found systemic noncompliance with the HIPAA Security Rule, including failures to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures, OCR said.
In addition to the monetary settlement, Peachstate has agreed to a robust corrective action plan that includes three years of monitoring.
