[ Monday, November 14, 2016 ]
Idaho State University: Update: My apologies, this appeared in a newsfeed of mine last week, and while I was surprised I hadn't seen it otherwise, I figured out I might have missed it. Turns out it's not current news, and I did, in fact, report on it
back in 2013 when it happened.
Thanks to Dissent Doe for pointing that out.
Today's earlier post: A contractor failed to
reactivate a firewall after doing some work on a server, potentially exposing PHI of 17,000 patients. ISU apparently had a BAA with the contractor, but the OCR investigation determined that they hadn't done a risk assessment recently enough. Fine? $400,000. I'm guessing the contractor paid it (probably out of insurance), but that detail is harder to find.
More here.
Jeff [10:16 AM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template