PHI Visible Via Google Search Leads to $3 Million HIPAA Settlement | Practical Law
The Department of Health and Human Services (HHS), Office of Civil Rights (OCR) announced a $3 million settlement with a covered entity that provides diagnostic medical imaging services to address potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The provider must also carry out a corrective action plan that involves completing and updating a risk analysis and risk management plan, adopting business associate agreements and HIPAA policies and procedures, and providing training to workforce members.