HIPAA Blog

[ Friday, October 04, 2024 ]

 

Providence Medical Institute Ransomware Fine: Providence Medical Institute has been fined $240,000 by OCR for HIPAA violations in connection with a ransomware attack that exposed the PHI of over 80,000 individuals.  Interestingly, OCR noted only 2 HIPAA violations warranting the fine: lack of an appropriate business associate agreement (BAA), and lack of policy restrictions on the people and programs that can access PHI.  OCR did NOT note a lack of a sufficient risk assessment (but maybe that's implied, since a good risk assessment would have noted the access problem and lack of BAAs?).


Jeff [11:55 AM]
