Cyber-Attackers' Theft of Over Ten Million Individuals' PHI Leads to $6.85 Million HIPAA Settlement | Practical Law
The Department of Health and Human Services (HHS) has announced a settlement of potential security-oriented violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) with a Washington-based health plan—a HIPAA covered entity (CE) and business associate (BA). Under the agreement, the plan must pay $6.85 million to HHS and comply with a two-year corrective action plan (CAP).