January 09, 2020

Ambulance Company Settles Allegations of Longstanding HIPAA Noncompliance

On December 30, OCR announced that West Georgia Ambulance, Inc. (West Georgia), an ambulance company that provides emergency and non-emergency ambulance services in Georgia, agreed to pay $65,000 and adopt a corrective action plan to settle allegations of longstanding HIPAA noncompliance. OCR’s investigation of West Georgia stemmed from West Georgia’s breach report related to its loss of an unencrypted laptop. The investigation found that West Georgia failed to conduct a risk analysis, provide a security awareness and training program, or implement HIPAA Security Rule policies and procedures. OCR alleged that West Georgia failed to take meaningful steps to address its “system failures” despite OCR’s investigation and technical assistance.  West Georgia’s corrective action plan includes two years of monitoring.