Gov Info Security: The Department of Health and Human Services has issued its largest HIPAA enforcement action to date, entering settlements totaling $4.8 million with two New York organizations tied to the same 2010 breach. The incident, which involved unsecured patient data on a network, affected about 6,800 patients.
The settlements with New York-Presbyterian Hospital and Columbia University cite, among other factors, the lack of a risk analysis and failure to implement appropriate security policies.
