Indiana EHR provider pays $100K to settle HIPAA violation

Medical Informatics Engineering, a medical records service provider, agreed to pay the Office for Civil Rights at HHS $100,000 to settle a HIPAA breach.

In July 2015, the Fort Wayne, Ind.-based medical records provider reported a data breach to the OCR, stating that hackers accessed a compromised user identification and password to gain entry into the electronic protected health information of nearly 3.5 million patients.

Upon investigation, the OCR found MIE did not perform a proficient risk analysis prior to the data breach, a mandatory HIPAA rule.

“Entities entrusted with medical records must be on guard against hackers,” OCR Director Roger Severino said in a news release. “The failure to identify potential risks and vulnerabilities to ePHI opens the door to breaches and violates HIPAA.”

Along with paying the $100,000 settlement, MIE agreed to a corrective action plan, which includes completing an enterprise-wide risk analysis.

More articles on cybersecurity:

Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee 'improperly' used patients' credit card info
First cybercrime hotline unveiled in Rhode Island

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months