States Privacy News

HIPAA Events

calendar

Events Webinars Training

$3.9 million - Feinstein Institute for Medical Research

OCR, after conducting an investigation based on the entity's self-report of a laptop being stolen from a workforce member's vehicle, found the entity's security management process was limited in scope, incomplete, and insufficient to address potential risks and vulnerabilities to ePHI. | Read the Press Release

$1.55 million - North Memorial Health Care of Minnesota

OCR, after conducting an investigation based on the entity's self-report of a laptop being stolen from a workforce member's vehicle, found two major failings. One was the lack of a required Business Associate Agreement (BAA) with a vendor and second, the lack of a complete risk analysis. | Read the Press Release

$25,000 - Complete P.T., Pool & Land Physical Therapy, Inc.

OCR's investigation was based on a complaint that the entity posted individual's PHI on its website in the form of testimonials without obtaining authorizations. | Read the HHS Notice

$239,800 - Lincare, Inc.

OCR's investigation was based on a complaint that a workforce member moved residences and left behind document which contained the PHI of 278 individuals. | Read the HHS Press Release

$750,000 - University of Washington Medicine (UWM)

OCR started investigating after the entity made a breach notification self-report. An estimated 90,000 individuals's PHI was accessed when a workforce member downloaded an email attachment which contained malware. | Read the HHS Press Release