University of Rochester Medical Center in New York has agreed to pay HHS' Office for Civil Rights $3 million in one of the biggest HIPAA fines this year.
The OCR imposed the fine on University of Rochester Medical Center in response to multiple instances of the health system failing to encrypt mobile devices.
"Because theft and loss are constant threats, failing to encrypt mobile devices needlessly puts patient health information at risk," OCR Director Roger Severino said in a statement Tuesday.
The medical center did not immediately respond to a request for comment.
In 2017, the health system reported a breach of patients' protected health information to the OCR after discovering the loss of an unencrypted laptop, the agency said. Four years earlier, in 2013, URMC had similarly reported a breach to the agency after the loss of an unencrypted flash drive.
OCR's investigation into the incidents found that URMC had neglected to utilize device controls and employ encryption for electronic protected health information, among other security measures. The health system had also failed to conduct a systemwide risk analysis, the agency said.
That's despite the fact that, in 2010, the OCR had investigated URMC for another breach involving the loss of an unencrypted flash drive.
"When covered entities are warned of their deficiencies, but fail to fix the problem, they will be held fully responsible for their neglect," Severino said in the statement.
In addition to the monetary settlement, the University of Rochester Medical Center will also implement a corrective action plan, which includes HHS monitoring the health system's compliance with HIPAA for two years.
URMC's fine is tied for the largest settlement announced by the OCR this year. Last month, the OCR slapped the Jackson Health System with a $2.1 million fine after an investigation revealed three separate HIPAA violations since 2013.
Touchstone Medical Imaging also agreed to pay the OCR $3 million in May, after the diagnostic medical imaging services company reportedly exposed more than 300,000 patients' protected health information by not adequately restricting access to information on one of its servers.
"fine" - Google News
November 06, 2019 at 05:47AM
https://ift.tt/36F3fnW
University of Rochester Medical Center to pay $3 million HIPAA fine - ModernHealthcare.com
"fine" - Google News
https://ift.tt/2NyjnPq
Shoes Man Tutorial
Pos News Update
Meme Update
Korean Entertainment News
Japan News Update
No comments:
Post a Comment