On November 8, 2019, the Texas Health and Human Services Commission (HHSC) agreed to a $1.6 million fine for a data breach that affected the electronic protected health information (ePHI) of over 6,600 individuals.
A U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigation determined that HHSC violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to “conduct an enterprise-wide risk analysis, and implement access and audit controls on its information systems and applications as required by the HIPAA Security Rule.”