, May 8, 2014

The Department of Health and Human Services has issued its largest HIPAA enforcement action to date, entering settlements totaling $4.8 million with two New York organizations tied to the same 2010 breach. The incident, which involved unsecured patient data on a network, affected about 6,800 patients. The settlements with New York-Presbyterian Hospital and Columbia University cite, among other factors, the lack of a risk analysis and failure to implement appropriate security policies. In a joint statement provided to Information Security Media Group, the two New York organizations say, "[We] are committed to providing not only the highest levels of medical care to our patients but also handling their personal and medical data with the greatest respect and integrity.
Facebook icon
LinkedIn icon
Twitter icon