Oklahoma State University settles HIPAA allegations for $875K

Stillwater-based Oklahoma State University Center for Health Science has agreed to pay a financial penalty of $875,000 to resolve allegations it violated HIPAA privacy, security and breach notification rules stemming from a 2018 data breach. 

On Jan. 5 2018, Oklahoma State University Center for Health Science learned that malware had been installed on its server, allowing an unauthorized user to access the protected health information of 279,865 individuals, HHS said in a July 14 news release.

Names, Medicaid numbers, healthcare provider names, dates of service, dates of birth, addresses and treatment information were compromised in the breach, HHS said. 

Oklahoma State University Center for Health Science initially declared that the data breach occurred on Nov. 7, 2017, however, it was later reported that the unauthorized user first had access to patient information on March 9, 2016.

The HHS Office for Civil Rights determined Oklahoma State University Center for Health Science had potentially violated the following provisions of HIPAA:

  • Impermissible disclosure of the protected health information of 279,865 individuals

  • Failure to conduct a comprehensive and accurate organizationwide risk analysis

  • Failure to perform a periodic technical and nontechnical evaluation in response to environmental or operational changes affecting the security of protected health information

  • Failure to implement audit controls

  • A security incident response and reporting failure

  • Failure to provide timely breach notification to affected individuals

  • Failure to provide timely breach notification to the secretary of the HHS.

In addition to the financial penalty, Oklahoma State University Center for Health Science has agreed to implement a corrective action plan to resolve all areas of noncompliance identified by its civil right office and has promised to closely monitor its plan for compliance.

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars