Hacker Group's Impermissible Access to ePHI Leads to $1.5 Million HIPAA Settlement | Practical Law
The Department of Health and Human Services (HHS) has announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) involving a Georgia-based orthopedic clinic (and HIPAA covered entity (CE)). The CE must pay $1.5 million to settle potential HIPAA violations resulting from the impermissible disclosure of electronic protected health information (ePHI) in its possession. The CE also must comply with a two-year corrective action plan.