The University of Texas MD Anderson Cancer Center has been ordered to pay the U.S. Department of Health and Human Services Office for Civil Rights $4.3 million for HIPAA violations. The penalties stem from three data breaches in 2012 and 2013 involving the theft of a laptop from a MD Anderson employee and the loss of two USB thumb drives, all of which contained electronic personal health information. An OCR investigation determined all three devices were not encrypted, despite MD Anderson adopting an enterprise-wide solution to use encryption in 2011. An HHS administrative law judge upheld the OCR’s decision to administer penalties for each day of noncompliance, as well as for each record compromised in the breaches.
Full Story
Comments
If you want to comment on this post, you need to login.