The University of Massachusetts Amherst (UMass) recently agreed to pay $650,000 to the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) to settle alleged HIPAA violations. OCR announced the settlement in a November 22 press release.

UMass's problems stemmed from a malware infection in a computer workstation, resulting in the inadvertent disclosure of electronic protected health information (ePHI) of 1,670 people. OCR's investigation revealed several potential violations, including failure to implement policies and procedures to ensure compliance with the HIPAA Privacy and Security Rules, failure to implement appropriate technical security measures to guard against unauthorized access to ePHI, and failure to conduct a timely and thorough risk analysis.

The settlement amount was reduced due to UMass's financial condition. UMass also agreed to a corrective action plan that includes correcting the above violations and training its staff on HIPAA policies and procedures.
