Lessons from the HHS OCR Settlement with LA Care Over HIPAA Security Rule Violations

September 11, 2023

In a recent episode of “Healthcare’s Most Expensive Mistakes,” LA Care, the nation’s largest publicly operated health plan, made a special guest appearance. They settled a case with the U.S. Department of Health and Human Services’ Office for Civil Rights (HHS / OCR) over potential violations of the HIPAA Security Rule. The cost? A cool $1.3 million and a multi-year “compliance babysitting” plan.


Key Violations

They say it is all in the details. Well, the violations that led to this hefty settlement were the kind that are so often overlooked. They included:

  • Failure to conduct accurate and thorough risk analysis.
  • Inadequate security measures.
  • Lack of regular system check-ups.
  • Absence of technical and nontechnical evaluations.
  • Missing mechanisms for recording and examining information system activity.


The Importance of Proactive Measures

OCR Director Melanie Fontes Rainer emphasized that it’s better to be proactive than reactive—unless you enjoy cutting million-dollar checks to the government. The OCR will be keeping a watchful eye on LA Care for three years, so let’s hope they don’t pull a “Groundhog Day” and repeat their mistakes.


Corrective Actions

To avoid their past mishaps, LA Care will be following a corrective action plan. Steps include:

  • Conducting a comprehensive risk analysis.
  • Crafting a robust risk management plan.
  • Rolling out effective policies and procedures.
  • Sending report cards to HHS about how they’re behaving.

The LA Care case is a cautionary tale that even healthcare giants can stumble if they don’t take HIPAA seriously. But hey, mistakes are human; it’s how you fix them that defines you. If you’re reading this and are suddenly concerned about your organization’s compliance, you’re not alone—well, unless you’re from LA Care, in which case, hang in there!


How Abyde Can Help

Now, for healthcare organizations that want to avoid starring in the next episode of “Healthcare’s Most Expensive Mistakes,” meet Abyde. We’re the fairy godparent you wish you had during a compliance crisis. Our HIPAA and OSHA Compliance SaaS platform helps you sail through risk analyses, craft impeccable risk management plans, and even preps you for those scary OCR audits—making compliance as easy as pie.

So, if you’re tired of the compliance nightmares and ready to sleep easy, Abyde is your dream come true. Don’t be the next LA Care; be the carefree healthcare provider everyone envies.

Embrace peace of mind and secure your organization’s future with Abyde today. Because in the world of healthcare, it’s better to be safe, compliant, and a little bit cheeky than sorry.