[firm] blog logo

Settlement of HIPAA Privacy and Security Rule Violations Costs Covered Entities $3.5 Million

HHS recently entered into a $3.5 million settlement agreement with a health care provider (the ?Ç£Provider?Ç¥) on behalf of five entities under its common ownership and control for violations of the HIPAA privacy and security rules. Each of the five entities constituted a ?Ç£covered entity?Ç¥ under HIPAA. In 2013, the Provider filed five breach reports with HHS, each of which pertained to a separate incident that implicated the ?Ç£electronic protected health information?Ç¥ (?Ç£EPHI“) of one of those covered entities. HHS?ÇÖs subsequent investigation of the breaches revealed a number of violations of the HIPAA privacy and security rules, including that certain of the covered entities: Failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of EPHI; Provided unauthorized access to EPHI for a purpose not permitted by the HIPAA privacy rules; Failed to implement policies and procedures to address security… Continue Reading

March 2018
S M T W T F S
 123
45678910
11121314151617
18192021222324
25262728293031

Archives