MCHS is a federally qualified health center that provides various discounted medical services to underserved patients in North Carolina. It has agreed to the HIPAA settlement doing business as Washington, N.C.-based Agape Health Services.
In June 2011, Metro filed a breach report with the OCR stating that an unknown email account gained unauthorized access to the protected health information of 1,263 patients. After investigating the incident, OCR discovered “longstanding, systemic noncompliance with the HIPAA Security Rule,” according to the news release. Metro did not conduct any risk analyses, did not implement any HIPAA Security Rule policies and procedures and did not provide staff members with security awareness training until 2016.
“Healthcare providers owe it to their patients to comply with the HIPAA Rules,” OCR Director Roger Severino said. “When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information.”
In addition to the $25,000 settlement, Metro will also adopt a corrective action plan that includes two years of monitoring.
More articles on cybersecurity:
Emotet malware returns in new spam campaign: 5 things to know
Despite promised privacy protections, Google’s coronavirus tracking app system may gather location data
Microsoft’s most critical vulnerabilities in the past 6 months
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
