OCR Settlement Of HIPAA Violation Of Business Associate

AC
Ankura Consulting Group LLC
Contributor
Ankura Consulting Group, LLC is an independent global expert services and advisory firm that delivers end-to-end solutions to help clients at critical inflection points related to conflict, crisis, performance, risk, strategy, and transformation. Ankura consists of more than 1,800 professionals and has served 3,000+ clients across 55 countries. Collaborative lateral thinking, hard-earned experience, and multidisciplinary capabilities drive results and Ankura is unrivalled in its ability to assist clients to Protect, Create, and Recover Value. For more information, please visit, ankura.com.
On May 16, 2023, the U.S. Department of Health and Human Services (DHHS) through the Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance...
United States Food, Drugs, Healthcare, Life Sciences
To print this article, all you need is to be registered or login on Mondaq.com.

On May 16, 2023, the U.S. Department of Health and Human Services (DHHS) through the Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with MedEvolve, Inc. MedEvolve is a business associate that provides practice management, revenue cycle management, and practice analytics software services to covered healthcare entities. The settlement relates to a data breach where a server containing the protected health information of 230,572 individuals was left unsecured and accessible on the internet.

OCR identified a lack of an analysis to determine risks and vulnerabilities to electronically protected health information across the organization and a failure to enter into a business associate agreement with a subcontractor. As part of the settlement, MedEvolve has paid a $350,000 monetary settlement to OCR and entered into a corrective action plan.

As part of the settlement agreement, MedEvolve will be monitored for two years by OCR and will be required to conduct an accurate and thorough risk analysis to determine risks and vulnerabilities to electronic patient data across the organization and develop and implement a risk management plan to address and mitigate any identified security and vulnerabilities risk.

Some of the key takeaways from the OCR publication are the following: OCR investigates every report received of breaches of unsecured protected health information affecting 500 or more individuals; Hacking/IT incidents were the most frequent type of breach that was reported to OCR in 2022 with (79%); HIPAA regulated entities (Covered Entities and Business Associates) have a responsibility to ensure that all protected health information they manage is adequately protected in compliance with HIPAA regulations. The performance of an annual assessment for privacy and security for systems that manage protected health information should be performed to identify risk and vulnerabilities to then properly address and mitigate them. At Ankura, we have our team of healthcare compliance, privacy and security experts ready to provide assistance to your organization to help comply with the HIPAA Regulations.

Find here the link to the publication issued by the OCR: https://www.hhs.gov/about/news/2023/05/16/hhs-office-civil-rights-settles-hipaa-investigation-arkansas-business-associate-medevolve-following-unlawful-disclosure-phi-unsecured-server-350-000.html

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

OCR Settlement Of HIPAA Violation Of Business Associate

United States Food, Drugs, Healthcare, Life Sciences
Contributor
Ankura Consulting Group, LLC is an independent global expert services and advisory firm that delivers end-to-end solutions to help clients at critical inflection points related to conflict, crisis, performance, risk, strategy, and transformation. Ankura consists of more than 1,800 professionals and has served 3,000+ clients across 55 countries. Collaborative lateral thinking, hard-earned experience, and multidisciplinary capabilities drive results and Ankura is unrivalled in its ability to assist clients to Protect, Create, and Recover Value. For more information, please visit, ankura.com.
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More