Another Medical Office, Another HIPAA Problem

Posted by BAS - 01 August, 2019

header-picture

This spring, the U.S. Department of Health and Human Services entered into a settlement agreement with Touchstone Medical Imaging, LLC addressing violations of HIPAA.

Touchstone provides medical imaging services in multiple states. In 2014, HHS received an email saying that the Social Security Numbers of Touchstone’s patients were viewable online through an unsecure file transfer protocol web server. Upon investigation, HHS determined that names, dates of births, phone numbers, addresses and Social Security numbers of over 300,000 patients were not kept secure. HHS also found that Touchstone did not enter into business associate agreements and did not properly assess their vulnerability risks.

The settlement of claims includes $3 million of penalty payments and the requirement to enter into a Corrective Action Plan.

Topics: MyEnroll360 Security


Recent Posts

“Wait—Can Ally Really Answer That?” Surprising (But True) Questions Our AI Can Handle

read more

Question of the Week - Missed COBRA Notice

read more

Fraud Prevention in Benefits Administration: Protecting Plans and Participants

read more