The University of Washington settled with the Office for Civil Rights for $750,000 after a potential HIPAA violation was investigated.
The university admits no liability as part of the settlement, and the resolution agreement mainly focused on a Security Rule violation, according to Winston.com.
RELATED: Review: Dept. of Veteran’s Affairs, Other Major Providers Violating HIPAA
The university also agreed to a two-year monitoring period with the OCR to implement a risk analysis and risk management plan.
The breach, which occurred in Nov. 13, was reported after someone working for the university downloaded malware, which affected a system that contained protected health information.
RELATED: UVA Reaches Title IX Agreement with the Department of Education
OCR’s investigation revealed the university neglected to ensure that it’s “affiliated medical entities” had conducted risk assessments and implemented risk management plans, which is required under HIPAA’s Security Rule.