No HIPAA Compliance Program? Be Prepared to Pay


On May 6, 2019, the Office for Civil Rights (OCR) published a press release regarding a $3,000,000 settlement reached with a Tennessee diagnostic medical imaging services company. In essence, the settlement resulted from the lack of a sufficient HIPAA compliance program.

To summarize, the organization’s FTP server allowed uncontrolled access over the internet, exposing the protected health information (PHI) of over 300,000 individuals. During its investigation, the OCR determined that the organization had failed to conduct a current Risk Analysis, which would have exposed the threats and vulnerabilities to PHI that clearly existed. The OCR also determined that the organization failed to ensure valid business associate agreements (BAAs) were in place with all required vendors/associates.

Read the full blog post from The van Halem Group
