In July 2015, the Fort Wayne, Ind.-based medical records provider reported a data breach to the OCR, stating that hackers used a compromised user identification and password to gain access to the electronic protected health information of nearly 3.5 million patients.
Upon investigation, the OCR found that MIE had not performed a proficient risk analysis before the data breach, which HIPAA requires.
“Entities entrusted with medical records must be on guard against hackers,” OCR Director Roger Severino said in a news release. “The failure to identify potential risks and vulnerabilities to ePHI opens the door to breaches and violates HIPAA.”
Along with paying the $100,000 settlement, MIE agreed to a corrective action plan, which includes completing an enterprise-wide risk analysis.