UMass settles potential HIPAA violations following malware infection

The University of Massachusetts Amherst (UMass) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. The settlement includes a corrective action plan and a monetary payment of $650,000, which is reflective of the fact that the University operated at a financial loss in 2015.   

On June 18, 2013, UMass reported to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) that a workstation in its Center for Language, Speech, and Hearing (the “Center”) was infected with a malware program, which resulted in the impermissible disclosure of electronic protected health information (ePHI) of 1,670 individuals, including names, addresses, social security numbers, dates of birth, health insurance information, diagnoses and procedure codes. The University determined that the malware was a generic remote access Trojan that infiltrated their system, providing impermissible access to ePHI, because UMass did not have a firewall in place.

To continue reading this article…

Start your monthly or annual subscription to HIT Leaders & News today!

A monthly Standard subscription to all our regular news articles costs only $12.00 per month, or $144.00 for an annual Standard subscription.

Already a subscriber? Log in

 

Department of Health and Human Services, ePHI, Government Perspectives, HHS, HIPAA, UMass, University of Massachusetts Amherst

Social

Please follow and ‘Like’ us

facebook
LinkedIn
twitter

©2021 HIT Leaders and News, a GO Digital Media publication. All rights reserved.