On February 3, 2016, the U.S. Department of Health and Human Services issued a statement and released the opinion of the Administrative Law Judge who found in favor of the Office of Civil Rights (“OCR”) determining that a home health agency, Lincare, Inc. (“Lincare”) violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule requiring Lincare, to pay $239,800 in civil money penalties. All covered entities should review the opinion and the OCR’s comments and begin taking any and all “necessary steps” to ensure HIPAA compliance and to make certain protected health information is adequately protected.