Protecting Health Information

Healthcare Breach Exposes 17,500 Individuals’ Protected Health Information: ISU Faces $400,000 Settlement for Non-Compliance with HIPAA Regulations

On May 21, 2013, the Department of Health and Human Services (HHS) announced a settlement agreement with Idaho State University (ISU) for a breach that exposed the electronic protected health information (ePHI) of 17,500 individuals. The breach occurred at ISU’s Pocatello Family Medicine Clinic due to disabled firewall protections on servers, leaving ePHI unsecured for at least ten months.

Following the submission of a breach report to the HHS Office for Civil Rights (OCR), an investigation revealed that ISU had not complied with HIPAA Security Rule requirements. Specifically, it failed to conduct a thorough risk analysis and to implement procedures to regularly review records of information system activity in order to identify any inappropriate use or disclosure of ePHI.

The $400,000 settlement is a result of ISU’s alleged violations of HIPAA regulations. The incident serves as a reminder to healthcare organizations that safeguarding patient health information is crucial, and it highlights the potential consequences of non-compliance with HIPAA regulations, which include significant financial penalties and damage to an organization’s reputation. Healthcare organizations must ensure they have proper safeguards in place to protect sensitive data and comply with regulatory requirements.
