HIPAA Breach – Indiana Medical Records Service Pays $100,000 to Settle

HIPAA breach
HIPAA breach

May 23, 2019 Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, and has agreed take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. MIE is an Indiana company that provides software and electronic medical record services to healthcare providers.

On July 23, 2015, MIE filed a HIPAA breach report with OCR following discovery that hackers used a compromised user ID and password to access the electronic protected health information (ePHI) of approximately 3.5 million people. OCR’s investigation revealed that MIE did not conduct a comprehensive risk analysis prior to the breach. The HIPAA Rules require entities to perform an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of an entity’s electronic protected health information.

“Entities entrusted with medical records must be on guard against hackers,” said OCR Director Roger Severino. “The failure to identify potential risks and vulnerabilities to ePHI opens the door to breaches and violates HIPAA.”

In addition to the $100,000 settlement, MIE will undertake a corrective action plan to comply with the HIPAA Rules that includes a complete, enterprise-wide risk analysis.

HIPAA Compliance Review Program Launch

HIPAA Compliance

The Centers for Medicare & Medicaid Services (CMS) Division of National Standards, on behalf of the Department of Health and Human Services (HHS), is launching the HIPAA Compliance Review Program to ensure compliance among covered entities with HIPAA Administrative Simplification rules for electronic health care transactions.

In April 2019, HHS will randomly select 9 HIPAA-covered entities—a mix of health plans and clearinghouses—for HIPAA Compliance Reviews. Any health plan or clearinghouse—not just those who work with Medicare or Medicaid—may be selected. In 2018, HHS piloted the program with health plan and clearinghouse volunteers to streamline the process. In 2019, providers will be able to participate in a separate pilot program on a voluntary basis.

Moving forward, the Compliance Review Program will conduct periodic reviews with randomly selected entities to assess compliance.

Read the full Information Bulletin on the Go-to-Info page for more information, and watch for more Email Update messages with details about the program.

Interested in becoming HIPAA Compliant? We can help maintain your business posture. Check out our HIPAA Compliance service offerings Contact us at 866-276-8309 or info@ehr20.com with any questions.

CMS on behalf of HHS is launching a HIPAA Compliance Review Program to ensure compliance with the administrative safegaurds by covered entities.