OCR Reaches $750,000 Settlement with Univ. of Wash. for HIPAA Violations
The settlement centered around a Security Rule within the Health Insurance Portability and Accountability Act.
The university admits no liability as part of the settlement, and the resolution agreement mainly focused on a Security Rule violation, according to Winston.com.
The university also agreed to a two-year monitoring period with the OCR to implement a risk analysis and risk management plan.
The breach, which occurred in Nov. 13, was reported after someone working for the university downloaded malware, which affected a system that contained protected health information.
OCR’s investigation revealed the university neglected to ensure that it’s “affiliated medical entities” had conducted risk assessments and implemented risk management plans, which is required under HIPAA’s Security Rule.
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!