OSHA Increases Penalties for Workplace Health and Safety Violations

Posted by Steve Alder

The Occupational Safety and Health Administration (OSHA) has increased the minimum and maximum civil monetary penalties (CMPs) for workplace safety violations, as required by the Federal Civil Penalties Inflation Adjustment Act.

To maintain the deterrent effect of CMPs and to promote compliance with the law, the Federal Civil Penalties Inflation Adjustment Act requires an annual adjustment of CMPs to account for inflation. Each year, the Office of Management and Budget (OMB) calculates an inflation multiplier, and all federal agencies are required to apply that multiplier to their CMP structures by January 15. For 2024, the OMB has calculated a multiplier of 1.03241 to reflect the cost-of-living increase over the past 12 months.

OSHA confirmed the cost-of-living increase in a final rule published in the Federal Register on January 11, 2023. The final rule is effective on January 15, 2024, and will apply to all citations issued by OSHA on or after January 16, 2024. The new penalty structure also applies to open inspections that commenced before January 16, 2024. The new CMP structure is detailed in the table below.

Type of Violation Penalty Minimum Penalty Maximum
Serious $1,190** per violation $16,131 per violation
Other-Than-Serious $0 per violation $16,131 per violation
Willful or Repeated $11,524* per violation $161,323 per violation
Posting Requirements $0 per violation $16,131 per violation
Failure to Abate N/A $16,131 per day unabated beyond the abatement date [generally limited to 30 days maximum]

* For a repeated other-than-serious violation that otherwise would have no initial penalty, a  Gravity Based Penalty (GBP) of $460 shall be proposed for the first repeated violation, $1,152 for the second repeated violation, and $2,304 for a third repetition.
**This amount reflects the actual minimum penalty with all penalty reductions which rectifies error in the previous years’ serious minimum penalty posted.

In several U.S. states, state agencies enforce the Occupational Safety and Health Act rather than OSHA, and penalties for workplace safety violations may differ in those states.

The post OSHA Increases Penalties for Workplace Health and Safety Violations appeared first on HIPAA Journal.

ReproSource Fertility Diagnostics Proposes $1.25 Million Class Action Data Breach Settlement

Posted by Steve Alder

ReproSource Fertility Diagnostics has proposed a settlement to resolve litigation stemming from a 2021 ransomware attack that potentially resulted in the theft of the sensitive health data of up to 350,000 patients. The Marlborough, MA-based fertility testing laboratory, which is owned by Quest Diagnostics, had its network breached on August 8, 2021. The intrusion was detected on August 10 when ransomware was deployed. The forensic investigation confirmed that the parts of the network that the threat actors could access included files that contained sensitive health information.

The data exposed included names, addresses, phone numbers, email addresses, dates of birth, billing, and health information, such as CPT codes, diagnosis codes, test requisitions, and results, test reports and/or medical history information, health insurance or group plan identification names and numbers, and other information provided by individuals or by treating physicians, and for a limited number of individuals, Social Security numbers, financial account numbers, driver’s license numbers, passport numbers, and/or credit card numbers.

While no evidence of data exfiltration was found, data theft could not be ruled out, so ReproSource notified approximately 350,000 individuals on October 21, 2023, and was promptly sued. Two class action lawsuits were consolidated into a single lawsuit as they made similar allegations – that ReproSource was negligent by failing to implement reasonable and appropriate cybersecurity measures to prevent unauthorized access to patient data. The lawsuits alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and data breach notification and consumer protection laws in Massachusetts.

The decision was taken to settle the litigation with no admission of wrongdoing. Under the terms of the settlement, class members may submit claims for up to $3,000 to cover out-of-pocket, unreimbursed losses that are reasonably traceable to the data breach, including up to 8 hours of lost time, three years of credit monitoring services, and a $1 million identity theft insurance policy. Alternatively, class members can claim a cash payment of $50. $1.25 million has been set aside to cover claims, which will be paid pro rata if that total is reached. Class members who were California residents at the time of the breach will be entitled to an additional $50 payment.

The consolidated lawsuit also sought injunctive relief, which included major upgrades to data security to prevent similar cyberattacks and data breaches in the future. The settlement also includes the requirement for ReproSource to make significant improvements to its information security program, including enhancing its monitoring and detection tools. The settlement will need to receive final approval from a Massachusetts judge.

The post ReproSource Fertility Diagnostics Proposes $1.25 Million Class Action Data Breach Settlement appeared first on HIPAA Journal.