The U.S. Department of Health and Human Services announced its Office for Civil Rights has issued Florida-based Jackson Health System a $2.15 million fine for violations of the Health Insurance Portability and Accountability Act. The fine is the result of improper data breach notifications and lacking risk management and assessment by Jackson Health System over a three-year span from 2013-2016. OCR Director Roger Severino said the investigation revealed "a HIPAA compliance program that had been in disarray for a number of years." He added that the program failed to "detect and stop an employee" who stole and sold patient records.
If you want to comment on this post, you need to login.