As suggested by Leon Rodriguez another fine has been levied by HHS for non compliance. This time against a Phoenix-based physician practice for $100,000 for failing to meet HIPAA Privacy and Security requirements to protect patient information. Significant in HHS statement was the following:

“This case is significant because it highlights a multiyear, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” said Leon Rodriguez, Director of OCR. “We hope that healthcare providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter what the size of the covered entity.”

So if there was any doubt out there about being on OCR’s radar the message here as well as the message sent by the selection of multiple small entities in the initial 20 random compliance audits ought to provide a wake up call. I think it is safe to say that Mr. Rodriguez means business.