Welcome to Health Care Security and Privacy Connection


Thanks for your interest in RSM’s Health Care Security and Privacy Connection, your periodic update on industry news and insights related to information privacy, security and compliance. Here’s what’s happening.

The Office for Civil Rights (OCR) enforcement program is alive and well, and health care organizations should know that OCR Health Insurance Portability and Accountability Act (HIPAA) fines will likely continue to rise in the coming months.

HIPAA breach settlements have gone from $6.2 million in 2015 to $23.5 million in 2016, and are currently at $17.372 million for 2017. With the passing of the typically quiet summer months, it’s expected that settlements and enforcement actions will be forthcoming through the fall and winter.

At RSM, we track OCR enforcement actions as an indicator of specific compliance risks, but more importantly, to ensure we focus on the various elements of our client risk management programs that represent the greatest or emerging exposures. With that, we have observed two unique, first-time OCR HIPAA-related fines for 2017, including one for the timing of breach notification and another for a mobile medical device manufacturer. See the links below for details on these cases as well as additional helpful content related to this topic. Questions? Contact us.

  • Presence Health $475,000 settlement: Presence Health reported a breach, but not within 60 days of discovering the problem, as is required by law. This is the first fine specific to the failure to report a breach in a timely manner.
  • CardioNet $2.5 million settlement: CardioNet experienced a breach related to a lost laptop. While this was not directly related to the services they provide customers, it was the first HIPAA settlement involving a wireless health services provider. We have in the past, however, seen breaches related to the computing equipment connected to medical diagnostic devices.

Related resources

Human services agency seeks to improve care through new EHR strategy

RSM helps their client optimize their electronic health record vendor selection process, ensuring a strategic fit for the organization.

  • August 10, 2017


Beyond HIPAA compliance

Collaboration and alignment between IT audit and IT security helps health care organizations better manage information security risks.

  • Jonathan Dreasler, Adam Keagle, Greg Vetter | June 29, 2016
