GovInfoSecurity.com, May 8, 2014
The Department of Health and Human Services has issued its largest HIPAA enforcement action to date, entering settlements totaling $4.8 million with two New York organizations tied to the same 2010 breach. The incident, which involved unsecured patient data on a network, affected about 6,800 patients. The settlements with New York-Presbyterian Hospital and Columbia University cite, among other factors, the lack of a risk analysis and failure to implement appropriate security policies. In a joint statement provided to Information Security Media Group, the two New York organizations say, "[We] are committed to providing not only the highest levels of medical care to our patients but also handling their personal and medical data with the greatest respect and integrity.