$4.3 Million HIPAA Penalty for 3 Breaches

In a statement Monday, the HHS Office for Civil Rights said it was granted a summary judgment by an HHS administrative law judge, who ruled that The University of Texas MD Anderson Cancer Center violated the HIPAA privacy and security rules. The judge approved OCR imposing $4.3 million in penalties in the aftermath of its investigations into three breaches involving unencrypted devices.The ruling is only second summary judgment in the agency’s history of HIPAA enforcement. The financial penalty is the fourth largest amount ever awarded to OCR by an administrative law judge or secured in a settlement for HIPAA violations, OCR notes in the statement.A letter that OCR sent to MD Anderson says that the penalty includes $1.3 million for violations related to its unencrypted access controls and $3 million for impermissible disclosures.

Source: https://www.healthcareinfosecurity.com/43-million-hipaa-penalty-for-3-breaches-a-11094