Site icon SnapInHIPAA

400,000 Dollars HIPAA Fine Settled By Denver FQHC Due To Failures In Privacy Management System

The unit of human health services, the office of civil rights is taking strict actions against a health care center known as Denver. They are responsible for the failure of many privacy laws provided by HIPAA. This firm has faced serious data leakage in the year of 2011. The MCPN has now made a settlement that they are ready to pay a fine of 400, 000 dollars to the office of civil rights. In addition to that, they will adopt a good strategic plan in order to become compliance with the HIPAA rules. This thing was revealed by the auditors of the inspection.

The case which made the office of civil rights to look into this firm was a serious phishing outbreak that was occurred in the last month of 2011. A criminal tried to send phishing electronic messages to the MCPN employees, the replies to which allowed to hacker to use the accounts of the employees of MCPN. These email accounts possessed the personal information of more than three thousand and two hundred patients. The office of civil rights started the inspections in order to learn more about the breach. They wanted to know if the data leakage occurred due to the negligence of the firm as they would have violated the rules of HIPAA.

The office of civil rights came to know that the firm has taken all the important measures in order to avoid any further criminal activity with the data stored in their systems. On the other hand, the firm violated many rules of HIPAA. If the firm had followed the rules properly, they would not have to face such problems of phishing emails at the first place.

Despite the fact that the OCR has ensured the company has performed threat analysis properly, this analysis was executed in the February 2012. It shows that the company rested for two months right after the hacking problem occurred in their firm. The fine faced by this firm is the first settlement after the hiring of Roger Severino as the new director of HIPAA. He says that the data of the patients should be protected.

 

Exit mobile version