CardioNet agrees to $2.5 million fine, corrective action plan to settle HIPAA allegations

CardioNet agreed to pay $2.5 million and implement a corrective action plan to settle allegations of noncompliance with HIPAA privacy and security rules.

The HHS Office for Civil Rights announced the settlement on April 24.

HHS said the agreement was not an admission of liability by CardioNet, which manufactures ambulatory cardiac monitoring services to help physicians diagnose and treat patients with arrhythmias. The agreement was also not a concession from HHS that CardioNet violated HIPAA rules.

In January 2012, CardioNet told HHS that an employee had a laptop stolen outside of his home that contained unsecured electronic protected health information from 1,391 individuals. The next month, the company contacted the agency again to say that there were similar breaches effecting 2,219 individuals.

The Office of Civil Rights' investigation found that CardioNet had not implemented its standards of the HIPAA security rule. HHS also said that the company did not have policies or procedures regarding the implementation of safeguards for electronic protected health information.

As part of the corrective action plan, CardioNet agreed to provide HHS with a risk analysis of security risks and vulnerabilities related to electronic protected health information within 90 days of the plan’s start date. The company will also submit a risk management plan addressing any security risks and vulnerabilities within 90 days. In addition, it will review and revise its current security rule policies and procedures and security rule training program within 60 days.

If CardioNet determines that an employee failed to comply with policies and procedures, it must notify HHS within 30 days. Meanwhile, the company will submit annual reports as part of the two-year corrective action plan. CardioNet is also required to retain its records and provide them to HHS upon request for six years.

Tim Casey,

Executive Editor

Tim Casey joined TriMed Media Group in 2015 as Executive Editor. For the previous four years, he worked as an editor and writer for HMP Communications, primarily focused on covering managed care issues and reporting from medical and health care conferences. He was also a staff reporter at the Sacramento Bee for more than four years covering professional, college and high school sports. He earned his undergraduate degree in psychology from the University of Notre Dame and his MBA degree from Georgetown University.

Around the web

Ron Blankstein, MD, professor of radiology, Harvard Medical School, explains the use of artificial intelligence to detect heart disease in non-cardiac CT exams.

Eleven medical societies have signed on to a consensus statement aimed at standardizing imaging for suspected cardiovascular infections.

Kate Hanneman, MD, explains why many vendors and hospitals want to lower radiology's impact on the environment. "Taking steps to reduce the carbon footprint in healthcare isn’t just an opportunity," she said. "It’s also a responsibility."

Trimed Popup
Trimed Popup