MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine

The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches involving unencrypted devices was unlawful.

In the complaint filed Tuesday in a Texas federal court, MD Anderson argues that HHS, as a federal agency, does not have the authority to impose the civil monetary penalty against the cancer center because MD Anderson, which is part of the University of Texas, is a "state agency."

David Holtzman’s comments were featured in this article.

Previous Article
Providers make gains on security, but hackers step up efforts
Providers make gains on security, but hackers step up efforts

Next Article
HHS Proposed Information Blocking Rules and OCR FAQs
HHS Proposed Information Blocking Rules and OCR FAQs

The Office of the National Coordinator (ONC) released its long-awaited proposed rule on interoperability an...