States Privacy News

HIPAA Events

calendar

Events Webinars Training

The entity reported a breach to OCR stating that a hacker accessed staffs' email accounts and obtained the protected health information of 3,200 individuals. OCR found that the entity failed to conduct a risk analysis until after the event. Prior to the event, the entity had not conducted a risk analysis and further found that when it did, it had not implemented any corresponding risk management plans to address the risks and vulnerabilities identified. Additionally, it found that the analysis was insufficient to meet the requirements of the Security Rule. | Read the Press Release