This spring, the U.S. Department of Health and Human Services entered into a settlement agreement with Touchstone Medical Imaging, LLC addressing violations of HIPAA.
Touchstone provides medical imaging services in multiple states. In 2014, HHS received an email saying that the Social Security numbers of Touchstone’s patients were viewable online through an unsecured File Transfer Protocol (FTP) web server. Upon investigation, HHS determined that the names, dates of birth, phone numbers, addresses and Social Security numbers of over 300,000 patients were not kept secure. HHS also found that Touchstone did not enter into business associate agreements and did not properly assess its vulnerability risks.
The settlement of claims includes $3 million in penalty payments and a requirement to enter into a Corrective Action Plan.