The U.S. Department of Health and Human Services announced a $1.5 million civil penalty against Warby Parker for breaching HIPAA regulations following unauthorized access to customer accounts. The OCR's investigation initiated in December 2018 after Warby Parker reported unusual login activity. The penalty emphasizes the necessity for entities to adhere to established standards for protecting electronic personal health information (ePHI) and highlights the importance of implementing appropriate safeguards to avoid breaches.
"Identifying and addressing potential risks and vulnerabilities to electronic protected health information is necessary for effective cybersecurity and compliance with the HIPAA Security Rule."
"Protecting individuals' electronic health information means regulated entities need to be vigilant in implementing and complying with the Security Rule requirements before they experience a breach."
Collection
[
|
...
]