[ Monday, November 14, 2016 ]
Idaho State University
Jeff [10:16 AM]
: Update: My apologies, this appeared in a newsfeed of mine last week, and while I was surprised I hadn't seen it otherwise, I figured out I might have missed it. Turns out it's not current news, and I did, in fact, report on it back in 2013
when it happened.
Thanks to Dissent Doe for pointing that out.
Today's earlier post: A contractor failed to reactivate a firewall
after doing some work on a server, potentially exposing PHI of 17,000 patients. ISU apparently had a BAA with the contractor, but the OCR investigation determined that they hadn't done a risk assessment recently enough. Fine? $400,000. I'm guessing the contractor paid it (probably out of insurance), but that detail is harder to find. More here
Blogger: HIPAA Blog - Edit your Template