The U.S. Department of Health and Human Services reports its Office for Civil Rights has received a $100,000 settlement from Medical Informatics Engineering, an Indiana-based medical records service, for Health Insurance Portability and Accountability Act violations. The OCR found MIE did not perform a proper risk assessment of its cybersecurity before a breach in 2015 that exposed the electronic health records of 3.5 million patients. “Entities entrusted with medical records must be on guard against hackers,” OCR Director Roger Severino said. “The failure to identify potential risks and vulnerabilities to ePHI opens the door to breaches and violates HIPAA.” MIE is also set to undergo corrective action as part of the settlement.
If you want to comment on this post, you need to login.