$2.75 million - University of Mississippi Medical Center

The entity's self-report of a stolen laptop containing PHI launched an OCR investigation, which found that, among multiple violations, the entity had been aware of risks and vulnerabilities to its systems but took no corrective action until after the incident. | Read the Resolution Agreement

$2.7 million - Oregon Health & Science University

Multiple reports of breaches, including the theft of a USB thumb drive with PHI, prompted the OCR investigation. The investigation found widespread violations of the HIPAA Security Rule, including the lack of Business Associate Agreements and the failure to address risks found in the required risk analyses. | Read the Press Release

$650,000 - Catholic Health Care Services of the Arch. of Phila.

OCR began the investigation after receiving notice that the entity had suffered a breach of protected health information. The incident involved the theft of a workforce member's mobile device (phone). The device was not encrypted, and it contained a large amount of PHI. | Read the Resolution Agreement and Corrective Action Plan

$750,000 - Raleigh Orthopaedic Clinic, P.A.

OCR found that the entity lacked a Business Associate Agreement (BAA) with a vendor handling the entity's PHI. | Read the Bulletin

$2.2 million - New York Presbyterian

OCR investigated the disclosure of two patients’ PHI (filmed images) during the filming of a TV show, without first obtaining authorization from the patients. | Read the Press Release