HIPAA Resolution Agreement

Posted by BAS - 14 March, 2019


The Department of Health and Human Services Office for Civil Rights (OCR) entered into a $3 million settlement with Cottage Health relating to a breach of PHI of more than 60,000 people. Cottage health operates several hospitals in California.

One breach resulted from the misconfiguration of a server, exposing unsecured PHI over the Internet. The breach release patient name, address, date of birth, Social Security number, diagnosis and treatment information. The other breach resulted from a contractor’s removal of security configuration settings on the Windows operating system of a server which allowed access to personal files without a username and password.

Cottage health must undertake a corrective action plan in addition to paying the settlement amount. A copy of the resolution agreement may be accessed by clicking here.

Topics: MyEnroll360 Security

Recent Posts

Question of the Week

read more

Wage Information Tax Scams

read more

BAS’ Leave of Absence Billing

read more