States Privacy News

HIPAA Events

calendar

Events Webinars Training

$150,000 - Adult & Pediatric Dermatology, P.C.

OCR started an investigation upon receiving a report that a flash drive containing the ePHI of approximately 2,200 individuals was stolen from the vehicle of one its workforce members. | Read the Resolution Agreement

$1,215,780 - Affinity Health Plan, Inc

OCR’s investigation identified that Affinity breached the PHI of over 344,000 individuals when it returned several photocopiers to their leasing agent without wiping the data contained on the copier's hard drives. | Read the Resolution Agreement

$1.7 million - WellPoint Inc.

The managed care company WellPoint Inc. has agreed to pay HHS $1.7 million to settle potential violations of HIPAA's Privacy and Security Rules. OCR’s investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule. | Read the Resolution Agreement

$275,000 - Shasta Regional Medical Center

Shasta Regional Medical Center (SRMC) has agreed to settle with HHS for potential violations of HIPAA and will pay a $275,000. SRMC has also agreed to a comprehensive corrective action plan (CAP) to update policies and procedures on safeguarding PHI from "impermissible uses and disclosures" and to train its staff. | Resolution Agreement

$400,000 - Idaho State University

Idaho State University has agreed to pay $400,000 as part of a resolution agreement stemming from an incident it reported in August 2011 that potentially could have exposed information on 17,500 patients. | Resolution Agreement