HIPAA Resolution Agreement

Posted by BAS - 14 March, 2019

header-picture

The Department of Health and Human Services Office for Civil Rights (OCR) entered into a $3 million settlement with Cottage Health relating to a breach of PHI of more than 60,000 people. Cottage health operates several hospitals in California.

One breach resulted from the misconfiguration of a server, exposing unsecured PHI over the Internet. The breach release patient name, address, date of birth, Social Security number, diagnosis and treatment information. The other breach resulted from a contractor’s removal of security configuration settings on the Windows operating system of a server which allowed access to personal files without a username and password.

Cottage health must undertake a corrective action plan in addition to paying the settlement amount. A copy of the resolution agreement may be accessed by clicking here.

Topics: MyEnroll360 Security


Recent Posts

“Wait—Can Ally Really Answer That?” Surprising (But True) Questions Our AI Can Handle

read more

Question of the Week - Missed COBRA Notice

read more

Fraud Prevention in Benefits Administration: Protecting Plans and Participants

read more