AEON Clinical Laboratories $25,000 Settlement for Potential HIPAA Security Rule Violations

May 26, 2021
By Danielle Dietrich
Posted in Health Law

On May 25, 2021 the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced at $25,000 settlement with Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories, for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.  AEON provides diagnostic and laboratory tests, including clinical and genetic testing.

HHS had initiated a compliance review of AEON after its merger partner, Authentidate Holding Corporation was involved with a breach of unsecured protected health information (PHI) with the U.S. Department of Veteran’s Affairs.  According to the HHS press release, the investigation of AEON “found systemic noncompliance with the HIPAA Security Rule, including failures to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures.”

In additional to the monetary settlement, AEON agreed to a very thorough and detailed three-year Corrective Action Plan.

You can read the HHS Resolution Agreement and the Corrective Action Plan here:

If you would like guidance on how it can prevent HIPAA violations from occurring, or how to handle a HIPAA violation, please contact Danielle Dietrich at 412-227-0284 or