HHS' Office for Civil Rights reached a settlement with iHealth Solutions, a software and services provider for healthcare providers based in Louisville, Ky., regarding violations of HIPAA privacy and security rules.
The investigation began in August 2017 when a data breach report revealed an unauthorized transfer of protected information of 267 patients, including names, dates of birth, addresses, Social Security numbers, email addresses, diagnoses, treatment information and medical histories, according to a June 28 report from HHS.
The investigation discovered further evidence that iHealth Solutions may not have done a proper analysis to identify the risks and weaknesses in its network.
The terms of the settlement required iHealth Solutions to pay $75,000 in fines and implement a corrective action plan to eliminate HIPAA violations and ensure electronic health information is protected and secure. The OCR will monitor the business for two years to confirm they are following the steps and adhering to the HIPAA security rule, according to the report.