Settlement Reached After 200,000 Affected by HIPAA Breach
In addition to a monetary settlement, MedEvolve has agreed to a two-year corrective action plan, under which OCR will monitor the business associate’s compliance with HIPAA. Among other obligations, the corrective action plan requires MedEvolve to develop and implement a risk management plan to identify security risks and vulnerabilities, and to augment its current HIPAA and Security training program.
The HIPAA Privacy, Security, and Breach Notification Rules apply to most health care entities and to those who maintain, access, use and/or disclose PHI when they do business with them. This settlement serves as a reminder that it is critical for covered entities, business associates, and their subcontractors to comply with the requirements imposed by the HIPAA regulations, which include securing (encrypting) PHI and entering into downstream business associate agreements. If you believe your organization has experienced a potential HIPAA breach, please contact a Dinsmore health care attorney.