Idaho State University (ISU) has agreed to pay $400,000 to HHS for violations of the HIPAA Security Rule. The settlement involves the breach of unsecured EPHI of 17,500 individuals who were patients at an ISU clinic. OCR opened its investigation after ISU notified HHS that the EPHI of approximately 17,500 individuals was accessible at its Pocatello Family Medicine Clinic because an ISU server firewall was disabled. OCR investigators found that ISU did not apply proper security measures and policies to address risks to EPHI, and did not have procedures in place for routine review of information system activity, which could have detected the disabled firewall much sooner. Overall, ISU failed to ensure the uniform implementation of the required Security Rule protections at each of its covered clinics.
A key requirement of compliance regulations such as HIPAA, HITECH, and PCI DSS is that organizations conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all sensitive information, such as Personally Identifiable Information.
Learn more by going to: www.wilsontechgroup.com