Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

OCR Settlement Proves Quick Breach Response Can Protect Your Business

If you’re a Covered Entity or someone who is affected by HIPAA laws and regulations, you know as well as anyone that a data breach can have serious repercussions on your organization. From client trust and financial consequences to legal ramifications, a breach of data is no laughing matter. To illustrate the importance of a quick breach response, let’s get into some details about a recent case from a medical center in Oklahoma, and what it has to do with you.

The Office for Civil Rights (OCR) and the U.S. Department of Health and Human Services (HHS) have recently taken action against a medical center in Oklahoma because they violated HIPAA’s privacy, security, and breach notification rules. What was the consequence? $875,000 in fines. 

This was due to a breach in their web server that contained PHI that dated back to March 2016. This breach leaked information belonging to more than 275,000 people, including their names, dates of service, addresses, and treatment info. The medical center reported the breach in January of 2018, stating that it occurred in November 2017, when it was about a year before that. As justification, the medical center stated that they were unaware of the breach that occurred in 2016. They weren’t aware that their server contained PHI, and didn’t know where their PHI was stored. 

OCR investigated further and found that the medical center did not meet the required standards for the protection of PHI, ultimately leading to the breach. Not only is this medical center still paying for this incident, they now have to undergo a corrective action plan (CAP), closely monitored by OCR for two years.

So, what does this mean for Covered Entities? Well, this is just one of many real-life examples proving just how important it is to have a robust HIPAA compliance plan. It’s crucial to know where your PHI is stored and how it’s being protected to protect your relationships with clients and your business against unfortunate circumstances, such as this one. 

This is just one of many examples of why HIPAA policies and procedures are crucial. By having a set of detailed plans for device usage, quick breach response, and security protocols already established, you allow yourself to take swift and effective action if a breach occurs. If these are not already in place, you run the major risk of meeting the incident unprepared, endangering valuable PHI, compromising trust with clients, and putting your organization in a financially vulnerable position. 

A structured plan puts your organization’s future in a much more stable and reliable position while giving you the peace of mind that you have done everything in your power to protect your organization and your PHI from data breaches.

If you’re not sure where to start, we can help. Want to know more about how you can become HIPAA compliant?

Email us at info@totalhipaa.com to learn more about how we can help your organization become (and stay!) HIPAA compliant. Or, get started here.

  1. Recent OCR Settlement Proves Swift Action Can Protect PHI and Your Bottom Line
  2. Repercussions of a Security Breach

Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Let's keep in touch

Stay up to date on the latest HIPAA news, plus receive tons of free tools and info.

Navigating HIPAA Compliance in 2022

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document

Related Posts

3 Reasons Insurance Agents Need to Follow HIPAA

3 Reasons Insurance Agents Need to Follow HIPAA

Health insurance agents became covered under HIPAA with the HITECH Act of 2009. The inclusion of insurance agents was a response to the increasing use of electronic health records and the need to...

Only a Few Days Remain to Report Small Breaches

Only a Few Days Remain to Report Small Breaches

Did you know that any HIPAA security breaches affecting less than 500 individuals in 2022 must be reported to the US Department of Health and Human Services by March 1, 2023? That is just a few days...

Microsoft End of Support for 2023

Microsoft End of Support for 2023

Each year, we publish Microsoft’s End of Support list because using up-to-date software is essential for HIPAA compliance. Microsoft will terminate support for earlier versions of a long list of its...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)