Healthcare Security Breach: $650,000 HIPAA Settlement

by John DiGiacomo

Partner

Data Breach

University of Massachusetts Amherst was recently hit with a Health Insurance Portability and Accountability Act (HIPAA) compliance settlement by federal regulators after suffering a healthcare security breach in 2013, according to DataBreachToday.com. The school had failed to include its Language, Speech, and Hearing Healthcare Services as part of a HIPAA-covered component of its health care system, meaning that the speech and hearing healthcare center was not subject to HIPAA privacy and security rule requirements when it should have been. Similarly, no security risk assessments were performed on the center until late in 2015.

Because UMass Amherst is an educational institution, the healthcare security breach sits in a unique context. In a university setting, certain components of the school are required to be HIPAA compliant and others are not. The university is responsible for drawing the line between which components need to be covered by special security measures and which do not.

Malware Causes Significant Healthcare Security Breach

A computer in UMass Amherst’s Center for Language Speech and Hearing was not equipped with a firewall. This computer became infected with malware in the summer of 2013, which resulted in the unauthorized disclosure of protected electronic information of 1,700 students, faculty and employees. Social Security numbers, names, dates of birth, addresses, health insurance information, medical diagnosis and medical procedure codes are just some of the types of student and employee data that were exposed in the breach. There was no clear evidence whether any data was copied from the breached computer, but it could not be ruled out, and it is assumed that the data of the 1,700 affected individuals was exposed in the breach.

HIPAA Compliance Settlement

Despite the security breach being relatively small compared to some other health care system breaches in the past, UMass Amherst was required by federal regulators to pay $650,000 in a settlement and was required to adopt and implement a corrective action plan. The corrective action plan requires that the school:

  • Create and implement a risk management plan for the future.
  • Review and revise the school’s policies and procedures concerning the identification of HIPAA-covered components of its operations.
  • Perform an organization-wide risk analysis.
  • Take time to train and/or retrain all employees concerning HIPAA compliance, procedures, and policies.

Individuals’ protected health information was exposed as a result of the security breach at UMass Amherst. The school was unable to confirm that the breached information ended up in the hands of a third party, but this possibility could not be overlooked.

Cyber security is a rapidly changing area of law, and the data breach attorneys at Revision Legal work hard to stay up to date on the current state of cyber security. Revision Legal has worked with businesses of all sizes to assess health care and other data breach issues and has helped clients in all 50 states. If you are concerned that your personal information that is protected by HIPAA has been exposed or is insecure, you should not delay in contacting the experienced data breach attorneys at Revision Legal as soon as you can. Please feel free to reach out to us today if you need the legal team from Revision Legal in your corner. Contact us using the form on this page or call us at 855-473-8474.

Photo Credit to Flickr user Ryan Scott.
