HIPAA settlement highlights need for security management process

Apr 12, 2017 - 03:18 PM

Metro Community Provider Network, a federally-qualified health center, has agreed to pay $400,000 and implement a corrective action plan to settle potential noncompliance with the Health Insurance Portability and Accountability Act privacy and security rules, the Department of Health and Human Services’ Office for Civil Rights announced today. The health center filed a breach report with OCR in January 2012 indicating that a hacker accessed employees' email accounts and obtained electronic protected health information for 3,200 individuals through a phishing incident. “Prior to the breach incident, MCPN had not conducted a risk analysis to assess the risks and vulnerabilities in its ePHI environment, and, consequently, had not implemented any corresponding risk management plans to address the risks and vulnerabilities identified in a risk analysis,” OCR said. “When MCPN finally conducted a risk analysis, that risk analysis, as well as all subsequent risk analyses, were insufficient to meet the requirements of the Security Rule.” For more on the HIPAA Security Rule, see the OCR guidance and AHA’s online resources.

Related News Articles

Headline
AHA recommends federal actions to address opioid crisis
Eliminating the Medicaid Institutions for Mental Disease exclusion for adults under age 65 would help improve access to treatment for those with severe or…
Headline
HHS announces additional hurricane waivers, resources
Health and Human Services Secretary Tom Price Friday declared public health emergencies in Georgia and South Carolina due to Hurricane Irma, and waived or…
Headline
HHS eases certain provider requirements due to hurricane emergencies
Health and Human Services Secretary Tom Price yesterday declared a public health emergency in Florida due to Hurricane Irma, and waived or modified certain…
Headline
CMS issues guidance on virtual credit cards, transaction fees
The Centers for Medicare & Medicaid Services recently issued several Health Insurance Portability and Accountability Act FAQs on virtual credit cards and…
Headline
Legislation would align patient confidentiality regulations with HIPAA
Reps. Tim Murphy (R-PA) and Earl Blumenauer (D-OR) Friday introduced the Overdose Prevention and Patient Safety Act (H.R. 3545), AHA-supported legislation that…
Headline
AHA urges Congress to provide resources to investigate, prevent cyber attacks
The AHA today urged Congress to provide law enforcement and other appropriate agencies with the resources to investigate cyber attacks and proactively prevent…