Halloween included a not-so-nice $100K settlement and three-year corrective action plan "treat" this year for Business Associate Doctors’ Management Services (DMS) of Massachusetts, following their ransomware attack that compromised 206,695 people's protected health information.
The Office for Civil Rights concluded that DMS potentially violated HIPAA through its risk assessment process, risk management plan, policies, and information systems monitoring. So now DMS has a laundry list of required fixes, an unexpected bill from the government, and an unknown amount still to come from whatever class action lawsuit has been or is being filed. These OCR findings are all pretty basic things a business associate should have been doing all along. Reach out if you're a business associate and aren't sure what to do or ask. The call is free and we don't sell or share your information.
As usual, the graphic opens a web page so you can read the OCR settlement agreement.
Stay (HIPAA) safe,
Alan