HHS OCR Settles HIPAA Ransomware Cybersecurity Investigation with Comprehensive Neurology, PC
Briefly

The U.S. Department of Health and Human Services announced a $25,000 settlement with Comprehensive Neurology, PC due to violations of HIPAA following a ransomware attack in 2020. The attack compromised the electronic protected health information of 6,800 individuals. OCR found that Comprehensive failed to conduct proper risk analyses, which is crucial for safeguarding ePHI. As part of the settlement, the practice will implement a corrective action plan and will be monitored for compliance over the next two years to ensure adherence to HIPAA regulations, including training its workforce on security policies.
The OCR's investigation revealed that Comprehensive Neurology inadequately assessed risks to ePHI, highlighting the importance of stringent compliance with HIPAA security measures.
Comprehensive Neurology agreed to a corrective action plan to mitigate security vulnerabilities, underscoring the need for proactive risk management in healthcare.
Read at Databreaches