$750,000 HIPAA settlement underscores the need for organization-wide risk analysis
The University of Washington Medicine (UWM) has agreed to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule by failing to implement policies and procedures to prevent, detect, contain, and correct security violations. UWM is an affiliated covered entity, which includes designated health care components and other entities under the control of the University of Washington, including University of Washington Medical Center, the primary teaching hospital of the University of Washington School of Medicine. Affiliated covered entities must have in place appropriate policies and processes to assure HIPAA compliance with respect to each of the entities that are part of the affiliated group. The settlement includes a monetary payment of $750,000, a corrective action plan, and annual reports on the organization’s compliance efforts.
Department of Health and Human Services, e-PHI, electronic protected health information, Government Perspectives, HHS, HIPAA, OCR, Office for Civil Rights, settlement, University of Washington Medicine