$4.3 Million HIPAA Penalty for 3 Breaches

June 18, 2018 Mayuri Kumar

A lack of device encryption will cost a Texas-based cancer treatment center $4.3 million in civil monetary penalties from the Department of Health and Human Services.

In a statement Monday, the HHS Office for Civil Rights said it was granted a summary judgment by an HHS administrative law judge, who ruled that The University of Texas MD Anderson Cancer Center violated the HIPAA privacy and security rules. The judge approved OCR imposing $4.3 million in penalties in the aftermath of its investigations into three breaches involving unencrypted devices.

David Holtzman’s comments are featured in the article.

Previous Article
MD Anderson will pay $4.3 million fine to HHS for data breaches
MD Anderson will pay $4.3 million fine to HHS for data breaches

Next Article
When is data collected for research PHI covered by HIPAA and when is it not?
When is data collected for research PHI covered by HIPAA and when is it not?

On June 1, 2018, an OCR ALJ decision imposed civil monetary penalties against the University of Texas MD An...