Athens Orthopedic Agrees to $1.5 Million Settlement Over 2016 Data Breach and HIPAA Violations

    On September 22, 2020, the U.S. Department of Health and Human Services Office of Civil Rights (OCR) announced that Athens Orthopedic Clinic PA will pay $1.5 million to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

    The clinic fell victim to a data breach on June 28, 2016, during which a hacker gained access to its electronic medical record (EMR) system and exposed the protected health information (PHI) of over 208,500 individuals. Under the settlement agreement, Athens Orthopedic Clinic must implement a two-year corrective action plan to resolve noncompliance issues discovered during the OCR’s investigation, including failure to perform a risk analysis, implement risk management and audit controls, and maintain HIPAA policies and procedures, among others.

    Read more at JD Supra
