States Privacy News

HIPAA Events

calendar

Events Webinars Training

$2.2 million - MAPFRE Life Insurance Company

OCR has announced a settlement based on the impermissible disclosure of unsecured electronic PHI. The entity filed a breach report with OCR indicating that a USB drive containing ePHI was stolen from its IT department. The breach affected 2,209 individuals. OCR's investigation found the entity's failure to conduct a risk analysis and implement a risk management plan, and failed to use encryption, among other findings. | Read the Press Release

$475,000 - Presence Health

OCR announced the first of its kind settlement with an entity for not timely reporting a breach of unsecured PHI. | Read the Press Release

$2.14 million - St. Joseph Health

The Covered Entity self-reported that files containing ePHI had been made available to the public via the Internet for a period of 12 months. | Read the Press Release

$400,000 - Care New England Health System

... | Read the Press Release

$5.55 million - Advocate Health Care

The entity's self-report of three breaches began an investigation which found HIPAA non-compliance with the Security Rule dating back to the inception of the Rule in certain cases. Key items found were related to risk assessments, implementation of policies and procedures, and Business Associate contracts. | Read the Press Release