In January, healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights at a rate of more than one a day.
A hacker gained access to the systems of a NY-based billing collections company American Medical Collection Agency and potentially viewed and copied the PHI of 11.9 million Quest Diagnostics patients.
Medical Informatics Engineering, Inc. has paid $100,000 to the Office for Civil Rights, and has agreed take corrective action to settle potential violations of the HIPAA Privacy and Security Rules.
Touchstone Medical Imaging has agreed to pay $3,000,000 to OCR, and to adopt a corrective action plan to settle potential violations of the HIPAA Security and Breach Notification Rules.
OCR’s final settlement of the year occurred in December 2018, when Cottage Health agreed to pay $3 million to OCR and to adopt a substantial corrective action plan to settle potential violations.
For the second consecutive month there has been a reduction in both the number of reported healthcare data breaches and the number of exposed healthcare records.
Anthem, Inc. has agreed to pay $16 million to OCR and take substantial corrective action to settle potential violations of the HIPAA Privacy and Security Rules
Office for Civil Rights (OCR) announced that it has reached separate settlements with Boston Medical Center, Brigham and Women's Hospital, and Massachusetts General Hospital