A cyber insurer will pay a $2.3 million HIPAA settlement on behalf of 21st Century Oncology, a Florida-based cancer clinic that filed for Chapter 11 bankruptcy in May.
Officials from HHS’ Office for Civil Rights agreed to allow cyber insurance company Beazley Group to pay the HIPAA settlement, which stems from a 2015 data breach.
The $2.4 million settlement is by far the smaller of two settlements 21st Century Oncology recently reached with the federal regulators. In a separate incident, the large cancer care clinic settled with the U.S. Department of Justice for $34.7 million following a billing fraud investigation.
The situation is an unusual one for the Office for Civil Rights, which has often said it doesn’t wish to put organizations out of business with HIPAA fines and settlements.
It is also an unusual process of collection for the OCR, according to privacy attorney Adam Greene of law firm Davis Wright Tremaine, who was not involved in the case.
“Normally, the covered entity would pay the settlement or fine and would get reimbursed by the insurer,” Green told Healthcare Info Security. “Here, OCR is going directly to the insurer to receive the payment, which is likely in large part because the covered entity is in bankruptcy proceedings.”
The 2015 data breach affected 2.2 million patient hospital records. The FBI requested the notification be delayed while it investigated, reports Healthcare IT News.
On Dec. 12, 21st Century Oncology settled with the DOJ after the self disclosure relating to the submission of false statements regarding the health clinic’s use of electronic health records (EHR) software. Other statements alleged the clinic violated the False Claims Act by submitting, or causing the submission of, claims for certain services pursuant to referrals from physicians with whom they had improper financial relationships, according to the DOJ’s statement.
Although a Beazley Group spokesperson wouldn’t comment on any specific case, she said it’s information security coverage policies typically include regulatory defense and penalties.
The company 21st Century Oncology is based in Fort Myers and operates 179 treatment centers across the U.S. and Latin America.