OCR Scrutiny Continues – Are You Ready For the September Deadline?

more+
less-
more+
less-

On May 21, 2013, the U.S. Department of Health and Human Services (“HHS”) released details regarding a $400,000 settlement with Idaho State University (“ISU”) for alleged violations of the HIPAA Security Rule. The settlement involves the breach of unsecured electronic protected health information (“ePHI”).

ISU notified HHS in 2011 that the ePHI of approximately 17,500 patients was accessible because a server firewall was disabled at one of its medical clinics. The HHS Office for Civil Rights (“OCR”) determined that, for a period of approximately five years, ISU: (1) did not conduct a risk analysis of its ePHI as part of its security management process, (2) did not implement security measures sufficient to reduce the risks and vulnerabilities to a reasonable and appropriate level, and (3) did not implement procedures to regularly audit records of information system activity to determine if any ePHI was used or disclosed in an inappropriate manner.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Topics:  HHS, HIPAA, PHI, Security and Privacy Controls

Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thompson Coburn LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »