Athens Orthopedic Agrees to $1.5 Million Settlement Over 2016 Data Breach and HIPAA Violations

    Amanda Doran

    On September 22, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced that Athens Orthopedic Clinic PA will pay $1.5 million to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

    The clinic fell victim to a data breach on June 28, 2016, during which a hacker gained access to its electronic medical record (EMR) system and exposed the protected health information (PHI) of over 208,500 individuals. Under the settlement agreement, Athens Orthopedic Clinic must implement a two-year corrective action plan to resolve noncompliance issues discovered during the OCR’s investigation, including failure to perform a risk analysis, implement risk management and audit controls, and maintain HIPAA policies and procedures, among others.

    Read more at JD Supra
