The University of Texas MD Anderson Cancer Center filed an appeal with the U.S. Court of Appeals, Fifth Circuit in Texas over a $4.3 million penalty for violating the Health Insurance Portability and Accountability Act, HealthITSecurity reports. In the appeal, MD Anderson argues the fine is unlawful, “beyond statutory caps,” and constitutes an “excessive” penalty. The fine was imposed following a 2018 investigation into the theft of an unencrypted laptop and two unencrypted USB devices that resulted in a data breach involving 35,000 patients. In its findings, the U.S. Department of Health and Human Services’ Office for Civil Rights found that the breaches could have been avoided if encryption had been employed.
If you want to comment on this post, you need to login.