kamagra 100mg oral jelly sildenafil

2.7M HIPPA Settlement

By on July 19, 2016

Oregon Health & Science University (OHSU) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules following an investigation by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) that found widespread and diverse problems at OHSU, which will be addressed through a comprehensive three-year corrective action plan.

The settlement includes a monetary payment by OHSU to the Department for $2,700,000.  

OCR’s investigation began after OHSU submitted multiple breach reports affecting thousands of individuals, including two reports involving unencrypted laptops and another large breach involving a stolen unencrypted thumb drive.  These incidents each garnered significant local and national press coverage.

The  OCR investigation uncovered evidence of widespread vulnerabilities within OHSU’s HIPAA compliance program, including the storage of the electronic protected health information (ePHI) of over 3,000 individuals on a cloud-based server without a business associate agreement.  OCR found significant risk of harm to 1,361 of these individuals due to the sensitive nature of their diagnoses. The server stored a variety of ePHI including credit card and payment information, diagnoses, procedures, photos, driver’s license numbers and Social Security numbers.

You can view the resolution agreement and corrective action plan on OCR’s website at:

To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us at http://www.hhs.gov/hipaa/index.html.