5 breaches add up to millions in settlement costs for entity that failed to follow HIPAA rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to settle potential HIPAA violations. FMCNA reported five (yes, as in 5) separate breaches that occurred in 2012.

In January 2013, FMCNA filed five reports for separate breach incidents that occurred between February 23, 2012, and July 18, 2012.

  • At Applications of Florida (d/b/a Fresenius Medical Care Duval Facility), two desktop computers were stolen with one containing the ePHI of 200 patients.
  • At Bio-Medical Applications of Alabama (d/b/a Fresenius Medical Care Magnolia Grove), a flash drive with 245 individuals’ ePHI was stolen from an employee’s car.
  • At Renal Dimensions (d/b/a Fresenius Medical Care Ak-Chin), a hard drive from a desktop computer with thirty-five people’s information went missing.
  • At Fresenius Vascular Care Augusta, an unencrypted laptop was stolen from a car.
  • At WSKC Dialysis Services (d/b/a Fresenius Medical Care Blue Island Dialysis), three desktop computers and one encrypted laptop were stolen, exposing the PHI of 31.

FMCNA is to pay a $3.5 million fine and has to implement a corrective action plan. Take a look at the actions they have to take by reading the plan HHS has published.

Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules – HHS Resolution Agreement