$250K Penalty for Falsely Claiming to Perform Security Risk Analysis

June 26, 2019

Protecting patient information is a necessary duty for medical providers who are tasked to “first, do no harm.” In addition to its ethical priority, protecting patient information is required for health care organizations under the HIPAA Security Rule, the EHR Incentive Program, and the Merit-Based Incentive Payment System (MIPS). In addition to facing fines and penalties for failing to adequately protect information, health care providers can be penalized under the False Claims Act for attesting falsely to the government. A recent example is that of Coffey Health, a small hospital in Texas, which is now paying the federal government $250,000 for falsely claiming to have performed Security Risk Analysis as participants in the EHR Incentive Program.

How confident are you that your Security Risk Analysis (SRA) will meet requirements in the face of audits? M-CEITA has performed hundreds of SRAs for medical providers in Michigan. If you would like to find out how they can be of service to your health care organization, call 888-MICH-EHR or email mceita.info@altarum.org today!

“Coffey Health to Pay $250K for Falsely Attesting to HITECH Risk Analysis”
https://healthitsecurity.com/news/coffey-health-to-pay-250k-for-falsely-attesting-to-hitech-risk-analysis

“DOJ Pursues More Electronic Health Records Cases”
https://www.natlawreview.com/article/doj-pursues-more-electronic-health-records-cases