The Office for Civil Rights (OCR), the organization responsible for enforcing HIPAA compliance, has issued a press release saying that The University of Washington Medicine will pay $750,000 in a settlement for a data breach. The breach occurred on November 27, 2013, when an employee downloaded an e-mail attachment that contained malware, which gained access to the e-PHI of roughly 90,000 people.
This is the fourth HIPAA-related settlement since OCR appointed Deven McGraw to serve as deputy director for health information privacy this past June. McGraw’s settlements have a reputation for being especially costly. For example, Cancer Care Group, P.C. also paid $750,000, Lahey Medical paid $850,000, and Triple S Management Corporation—a Puerto Rican Blue Cross Blue Shield licensee—owed $3,500,000 for multiple HIPAA violations. According to Health Data Management, each of these organizations agreed to complete a comprehensive corrective action plan in response to their respective violations.
Original Source: Health Security Solutions
View the full story here