States Privacy News

HIPAA Events


Events Webinars Training

$150,000 - Anchorage Community Mental Health Svs

The HHS Office for Civil Rights began an investigation after receiving a self-report notification from Anchorage Community Mental Health Services regarding the breach of unsecured electronic protected health information affecting 2,743 individuals due to malware which compromised the security of its IT resources. | Read the HHS Resolution Agreement

$800,000 - Parkview Health System, Inc.

OCR investigated after receiving a complaint from a physician alleging that Parkview had violated the HIPAA Privacy Rule. Parkview employees, with notice that the physician was not at home, left boxes containing medical records unattended on the driveway of the physician’s home. | Read the HHS Press Release

$4.8 million - New York and Presbyterian Hospital & Columbia University

A breach was caused when a physician who developed applications attempted to deactivate a personally-owned computer server on the network containing patient ePHI. Due to a lack of technical safeguards, deactivation of the server caused ePHI to be accessible on internet. The information was subsequently indexed by search engines. | Read the HHS Press Release

$1,725,220 - Concentra Health Services

Concentra notified HHS regarding a breach of unsecured electronic protected health information (ePHI) after an unencrypted laptop was stolen out of one of its physical therapy centers. | Read the Resolution Agreement

$250,000 - QCA Health Plan, Inc.

HHS received notification from QCA regarding a breach of the ePHI of 148 individuals. OCR found that QCA did not implement policies and procedures to prevent, detect, contain, and correct security violations, including conducting an accurate and thorough assessment of the potential risks and vulnerabilities. | Read the Resolution Agreement