HIPAA Settlement Illustrates the Importance of Compliance Due Diligence

August 19, 2019


The Office for Civil Rights in the US Department of Health and Human Services (OCR) recently announced a $3 Million settlement with a diagnostic medical imaging company related to potential violations of the HIPAA Security and Breach Notification Rules. This settlement, according to JDSupra, arose out of an FTP server which allowed access to protected health information visible on the internet.  OCR noted in its press release that notifications to individuals affected by the breach were untimely, an accurate and thorough risk analysis was not conducted, and that business associate agreements were not in place with vendors. 


The lack of a risk analysis and appropriate business associate agreements are common themes seen in settlements and therefore should be appropriately considered in conducting due diligence.


At HIPAAcraticRx, due diligence is our middle name!  We help your practice or business complete the legwork, so you maintain an archive of compliance activities. This includes a Security Risk Analysis (SRA), mitigation, and staff training … among other key items. Contact the compliance experts at HIPAAcraticRx today.

Share on Facebook
Share on Twitter
Please reload

Featured Posts

How to Handle Breach Notifications

February 26, 2020

Please reload

Recent Posts
Please reload

Please reload

Search By Tags
Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square

HIPAAcraticRx - The Prescription for HIPAA Compliance


20 Hempstead Turnpike, Farmingdale, New York 11735 . (516) 200-6610 . info@hipaacraticrx.com

  • White LinkedIn Icon
  • White Facebook Icon
  • White Twitter Icon
  • White Google+ Icon

© 2019 HIPAAcratic Rx -