HIPAA Breach Notification Failure Leads to $2.175 Million Settlement | Practical Law
https://content.next.westlaw.com/Document/Iedc339cf112011eaadfea82903531a62/View/FullText.html?transitionType=Default&contextData=(sc.Default)
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced that a Virginia-based network of health providers must pay $2.175 million to settle alleged privacy and breach notification violations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The health providers, which comprise an affiliated covered entity under HIPAA, must also complete a two-year corrective action plan under which they must revise and distribute their breach notification procedures and submit to HHS oversight concerning breach risk assessments.