OCR conducted an investigation into the April 22, 2019, breach of the company’s network and found that Doctors’ Management failed to establish an assessment framework for identifying potential risks and vulnerabilities to electronic protected health information throughout the organization, according to an Oct. 31 news release from HHS.
The investigation also determined that Doctors’ Management had insufficient monitoring of its health information systems.
Under the settlement, OCR will monitor Doctors’ Management for three years to ensure HIPAA compliance, and the company will implement a corrective action plan that addresses how it plans to protect patients’ protected health information.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
