[ Monday, November 14, 2016 ]


Idaho State University: Update: My apologies, this appeared in a newsfeed of mine last week, and while I was surprised I hadn't seen it otherwise, I figured out I might have missed it.  Turns out it's not current news, and I did, in fact, report on it back in 2013 when it happened.

Thanks to Dissent Doe for pointing that out.

Today's earlier post: A contractor failed to reactivate a firewall after doing some work on a server, potentially exposing PHI of 17,000 patients.  ISU apparently had a BAA with the contractor, but the OCR investigation determined that they hadn't done a risk assessment recently enough.  Fine?  $400,000.  I'm guessing the contractor paid it (probably out of insurance), but that detail is harder to find.  More here.

Jeff [10:16 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template