A (Bad) Blast from the Past

With all of the phishing and other hacking attacks dominating the headlines, yesterday's OCR note was like reading a scenario from 2012. The University of Rochester Medical Center has agreed to a $3M, two-year corrective action plan after failing to encrypt its mobile devices. As with any investigation, the Office of Civil Rights also discovered that URMC failed to:

  • conduct an enterprise-wide risk analysis;

  • implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level;

  • utilize device and media controls; and

  • employ a mechanism to encrypt and decrypt electronic protected health information when it was reasonable and appropriate to do so.

We don't enjoy reporting non-compliance cases, but we post OCR actions so that organizations may consider the real impact of their compliance and security decisions.

Proteus Consulting, LLC

10323 N. Strahorn Rd

Hayden, ID, 83835

(208) 215.5607

Copyright © 2013 - 2020 Proteus Consulting, LLC