hipaa violation case

Lab Faces Consequences: $16,500 Settlement with HHS Resolves HIPAA Violation Case

June 26, 2023

Life Hope Labs, a full-service diagnostic laboratory in Georgia, was fined a $16,500 monetary penalty to compensate for their HIPAA violation case last August 2021. According to the US Department of Health and Human Services Office for Civil Rights (OCR), Life Hope Labs clearly compromised their patient’s right to access their medical records after a representative was denied access to her deceased father’s medical records.

Aside from the settlement value, Life Hope Labs must fully commit to its corrective action plan. They must also submit a written implementation report within 120 days, along with the document for approval.

Lab Faces Consequences: $16,500 Settlement with HHS Resolves HIPAA Violation Case

Life Hope Labs Pays $16,500 to HHS Over HIPAA Violation

The said HIPAA-related complaint involving Life Hope Labs marks the 43rd case under OCR’s HIPAA Right of Access Initiative. OCR It’s an initiative that strictly implements the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which requires healthcare providers to give their patients or authorized representatives the right to access their medical records.

Following the recent changes made by the HHS Office for Civil Rights, all HIPAA-related violations are now subject to both corrective action plans and settlement payments. Since Life Hope Labs is liable for not complying with the HIPAA Privacy Rule, the agreement stated that they would have to pay the settlement amount of $16,500. The full-service CAP accredited lab also agreed to implement a corrective action plan. 

More importantly, the resolution emphasized that Life Hope Labs must strictly commit to the specified action plans in the resolution, such as:

  • Creating and maintaining established procedures to ensure compliance with federal data protection laws, specifically HIPAA.
  • Providing proper and mandatory training and resources to staff within two months or 60 days of approval of its policies and procedures.
  • Promptly distributing the policies and procedures to its new members within 30 days from their hiring date.
  • Submitting a signed compliance certification indicating that their staff has read and understood such policies and procedures.
  • Ensuring its workforce follows the policies and procedures stated in the agreement.
  • Submitting a written report to the OCR for compliance with the corrective action plan (CAP) for each period. 
Lab Faces Consequences: $16,500 Settlement with HHS Resolves HIPAA Violation Case

Corrective Action Plan: Life Hope Labs Agrees to Implement Changes

After a series of court deliberations, the OCR and Life Hope Labs finally reached a settlement agreement for the HIPAA violation case involving the daughter of a deceased patient who requested access to her father’s medical records. According to the agreement, the Georgia-based laboratory should pay the resolution amount of $16,500 without questioning its validity.

Based on 42 USC § 1320a-7a(c)(1), any covered entity who violated the HIPAA Privacy Rule must pay the civil monetary penalty, or CMP, within six years from the date of occurrence. However, in the case of Life Hope Labs, the effective date of the agreement will end once it breached the CAP plus one year to ensure that the effectivity period won’t expire.

Furthermore, Life Hope Labs has agreed to comply with the corrective action plan attached to the agreement. The said CAP aims to resolve the problems that were presented in the case. For instance, Life Hope Labs failed to give a patient’s authorized representative timely access to the decedent’s PHI, which is clearly a HIPAA violation. The CAP aims to tackle the problem head-on to ensure it won’t happen again.

In case the Georgia-based lab fails to implement the CAP, then it will not be subject to release by the HHS. Following the corrective action plan, Life Hope Labs must develop and implement accurate measures to maintain and protect the privacy of their sensitive patient records. On top of that, they should follow the workforce training protocols, including the essential requirements for PHI requests.

Lab Faces Consequences: $16,500 Settlement with HHS Resolves HIPAA Violation Case


Life Hope Labs should also impose appropriate sanctions and penalties on staff or employees who violate the HIPAA Privacy Rule. In addition, the Georgia-based lab should conduct HIPAA training periodically to ensure the complete compliance of their employees. However, before implementation, all these policies are still subject to the approval of the OCR.

In conclusion, the OCR stated that Life Hope Labs agreed to pay $16,500 as a result of the settlement agreement. However, it is important to note that the payment made does not serve as a liability admission and, therefore, does not serve as a liability admission.

Kent Cañas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.

More great articles
Best Practices to Comply With PHI Protection Under HIPAA
Best Practices to Comply With PHI Protection Under HIPAA

Find out why PHI under HIPAA should be a top priority in the healthcare industry.

Read Story
HIPAA Violations for Doctors: Examples and Penalties
HIPAA Violations for Doctors: Examples and Penalties

Find out what happens if a doctor violates HIPAA rules and guidelines.

Read Story
How to Avoid Common HIPAA Violations in Nursing Homes
How to Avoid Common HIPAA Violations in Nursing Homes

Understanding HIPAA rules for nursing homes is essential to maintain compliance and safeguard the residents' health information. 

Read Story
Subscribe to iFax Newsletter
Get great content to your inbox every week. No spam.

    Only great content, we don’t share your email with third parties.