Three-Year, $950K, Heritage Valley Health System Settlement
Today the Office for Civil Rights (OCR) announced a settlement with Heritage Valley Health System (Heritage Valley), which provides care in Pennsylvania, Ohio and West Virginia, "...concerning potential violations of the HIPAA Security Rule..." Heritage Valley was the victim of a ransomware attack.
It stinks to read that criminals were able to compromise Heritage Valley's information services. It double stinks to hear that Heritage Valley reportedly failed to conduct a compliant risk analysis, to implement a contingency plan to respond to emergencies, and to implement policies and procedures to allow only authorized users access to electronic protected health information. These are all basic HIPAA requirements, and this HHS announcement reads like it's from 2013.
The $950K, three-year settlement is only a piece of Heritage Valley's financial woes, and we especially feel for their affected clients. Click the graphic below to read the agreement and please contact us if you're not ready to endure an OCR audit.
Stay (HIPAA) safe,
Alan