On May 25, 2021, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced at $25,000 settlement with Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories, for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.  AEON provides diagnostic and laboratory tests, including clinical and genetic testing.

HHS had initiated a compliance review of AEON after its merger partner, Authentidate Holding Corporation was involved with a breach of unsecured protected health information (PHI) with the U.S. Department of Veteran’s Affairs.  According to the HHS press release, the investigation of AEON “found systemic noncompliance with the HIPAA Security Rule, including failures to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures.”

In addition to the monetary settlement, AEON agreed to a very thorough and detailed three-year Corrective Action Plan.

You can read the HHS Resolution Agreement and the Corrective Action Plan here: https://www.hhs.gov/sites/default/files/peachstate-ra-cap.pdf