Healthcare Security Breach: $650,000 HIPAA Settlement

by John DiGiacomo

Partner

Data Breach

The University of Massachusetts Amherst was recently hit with a Health Insurance Portability and Accountability Act (HIPAA) compliance settlement by federal regulators after suffering a healthcare security breach in 2013, according to DataBreachToday.com. The school had failed to include its Language, Speech, and Hearing Healthcare Services as part of a HIPAA-covered component of its health care system, meaning that the speech and hearing healthcare center was not subject to HIPAA privacy and security rule requirements when it should have been. Similarly, no security risk assessments were performed on the center until late in 2015.

Because UMass Amherst is an educational institution, the healthcare security breach arises in a unique context. In a university setting, certain components of the school are required to be HIPAA compliant and others are not. The university is responsible for drawing the line between which components need to be covered by special security measures and which do not.

Malware Causes Significant Healthcare Security Breach

A computer in UMass Amherst’s Center for Language Speech and Hearing was not equipped with a firewall. This computer became infected with malware in the summer of 2013, which resulted in the unauthorized disclosure of electronic protected information of 1,700 students, faculty and employees. Social Security numbers, names, dates of birth, addresses, health insurance information, medical diagnosis and medical procedure codes are just some of the types of student and employee data that were exposed in the breach. There was no clear evidence whether any data was copied from the breached computer, but it could not be ruled out, and it is assumed that the data of the 1,700 affected individuals was exposed in the breach.

HIPAA Compliance Settlement

Despite the security breach being relatively small compared to some other health care system breaches in the past, UMass Amherst was required by federal regulators to pay $650,000 in a settlement and was required to adopt and implement a corrective action plan. The corrective action plan requires that the school:

  • Create and implement a risk management plan for the future.
  • Review and revise the school’s policies and procedures concerning the identification of HIPAA-covered components of its operations.
  • Perform an organization-wide risk analysis.
  • Take time to train and/or retrain all employees concerning HIPAA compliance, procedures, and policies.

Individuals’ protected health information was exposed as a result of the security breach at UMass Amherst. The school was unable to confirm that the breached information ended up in the hands of a third party, but that possibility could not be overlooked.

Cyber security is a rapidly changing area of law, and the data breach attorneys at Revision Legal work hard to stay up to date on the current state of cyber security. Revision Legal has worked with businesses of all sizes to assess health care and other data breach issues and has helped clients in all 50 states. If you are concerned that your personal information that is protected by HIPAA has been exposed or is insecure, you should not delay in contacting the experienced data breach attorneys at Revision Legal. Please feel free to reach out to us today if you need the legal team from Revision Legal in your corner. Contact us using the form on this page or call us at 855-473-8474.

Photo Credit to Flickr user Ryan Scott.
