- ‘Really, Really Messed Up My Life’
- Quick Start to Healthy Weight Loss
- Black Men Can Beat Prostate Cancer
- Health Screenings for Older Black Men
- Healthy Man of the Month for July 2016
- HIV Testing is HIV Prevention
- Your ‘Mental’ Endurance
- Bisexual Health Priorities
- Entertainment CEO DonJuan Clark
- New Drug Helps Men with Melanoma
2.7M HIPPA Settlement
Oregon Health & Science University (OHSU) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules following an investigation by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) that found widespread and diverse problems at OHSU, which will be addressed through a comprehensive three-year corrective action plan.
The settlement includes a monetary payment by OHSU to the Department for $2,700,000.
OCR’s investigation began after OHSU submitted multiple breach reports affecting thousands of individuals, including two reports involving unencrypted laptops and another large breach involving a stolen unencrypted thumb drive. These incidents each garnered significant local and national press coverage.
The OCR investigation uncovered evidence of widespread vulnerabilities within OHSU’s HIPAA compliance program, including the storage of the electronic protected health information (ePHI) of over 3,000 individuals on a cloud-based server without a business associate agreement. OCR found significant risk of harm to 1,361 of these individuals due to the sensitive nature of their diagnoses. The server stored a variety of ePHI including credit card and payment information, diagnoses, procedures, photos, driver’s license numbers and Social Security numbers.
You can view the resolution agreement and corrective action plan on OCR’s website at:
To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us at http://www.hhs.gov/hipaa/index.html.