In Its Second-Ever HIPAA Settlement on Ransomware, HHS Offers Best Practices for Avoiding Cyberattacks | Practical Law
The Department of Health and Human Services (HHS) has announced a settlement of potential Privacy and Security Rule violations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The settlement involved a Maryland-based provider of mental health services that is a HIPAA covered entity (CE). The provider must pay $40,000 to HHS and comply with a three-year corrective action plan (CAP) that HHS will monitor.