A Medical Imaging Company Will Pay 3 Million Dollars In HIPAA Data Breach Settlement

Pearl Cohen Zedek Latzer Baratz

Pearl Cohen is an international law firm with offices in Israel, the United States, and the United Kingdom. Our strength is derived from decades of legal experience and an intimate knowledge of the cutting edge technological, legal, and transactional issues facing our clients in local and cross border matters. This combination of experience and knowledge allows us to provide sound and innovative advice to clients worldwide.
A diagnostic medical imaging company from Tennessee has settled an investigation by the FBI and the OCR at the U.S. Department of Health and Human Services, which enforces HIPAA.

A diagnostic medical imaging company from Tennessee has settled an investigation by the FBI and the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, which enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The company was investigated for a breach in its servers that enabled unauthorized access to sensitive health information, including patients' names, birth dates, social security numbers and addresses.

According to the settlement, patients' health information remained accessible and visible on the internet even after the company's server was taken offline, and the information was available for indexing by search engines.

The OCR found that the company did not investigate the breach for several months after it had been notified by the FBI and OCR, and failed to properly and timely notify its patients about the breach. It also found that the company failed to assess the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the information it held, and failed to put in place appropriate agreements with its vendors and third party providers, as required by HIPAA.

In addition to the settlement payment, the company must take corrective actions to enter into proper agreements with its vendors, put in place policies and procedures in accordance with HIPAA, and conduct a comprehensive risk analysis.

Click HERE to read the Resolution Agreement and HERE to read the U.S. Department of Health and Human Services Press Release.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
