Judge rules MD Anderson must pay $4.3M for HIPAA violations

June 19, 2018 Mayuri Kumar

An HHS administrative law judge has ruled that MD Anderson Cancer Center violated HIPAA and must pay $4,348,000 to the HHS Office for Civil Rights.

The violations date back to three separate breach reports in 2012 and 2013. The incidents involved the stealing of an unencrypted laptop from an MD Anderson employee’s residence, as well as the loss of two unencrypted USB thumb drives holding the unencrypted ePHI of more than 33,500 people.

David Holtzman’s commentary on the MD Anderson HIPAA violation was featured in MedCity News articleClick here to read more. 

Previous Article
Colorado Breach Law Uses Long Arms to Protect Health Information Not Covered by HIPAA
Colorado Breach Law Uses Long Arms to Protect Health Information Not Covered by HIPAA

Colorado has put into place a new law that will require organizations handling digital personal information...

Next Article
MD Anderson Cancer Center Fined $4.3 M For Data Breach
MD Anderson Cancer Center Fined $4.3 M For Data Breach

×

Subscribe to Our Monthly Cyber Bulletins with the Latest News, Tips and More!

First Name
Last Name
Company
Thank You!
Error - something went wrong!