Attorneys General from 41 states have tentatively agreed to a settlement following AMCA's 2019-reported data breach, which affected more than 21 million patients, primarily linked through laboratory services billing. The breach was the largest reported in 2019, and the decision we linked below indicates that AMCA is paying the states just under $1.7M. AMCA is also required to establish a Chief Information Security Officer who reports to the Chief Executive Officer, establish a written information security program, create a documented written incident response plan to prepare for and respond to any future security events, and provide a third-party annual assessment of its program. Frankly, there are many other requirements that AMCA is agreeing to. The point of this post is to remind us all that healthcare entities can either keep their hands on the proverbial steering wheel or let someone else drive their program - at a considerable cost increase.
Let's work to keep our (e)PHI secure and our hands on the wheel. Send us a note to get started.
Stay (HIPAA) safe, Alan -