On July 13, a health and sciences university signed a resolution agreement with the United States Department of Health and Human Services Office for Civil Rights ("OCR") regarding two data breaches that occurred in 2013. In the first breach, a laptop belonging to the university with electronically protected health information was stolen. The second breach involved the unprotected use of "cloud" storage. The resolution agreement includes a $2.7 million payment and a plan for corrective action.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.