HHS Office for Civil Rights Settles HIPAA Cybersecurity Investigation with Vision Upright MRI
Briefly

On March 10, 2025, Vision Upright MRI reported a data breach affecting 23,031 patients, revealing issues with its handling of electronic protected health information (ePHI). An HHS press release clarified that the breach impacted the medical images of 21,778 patients and attributed it to unauthorized access to the organization's PACS server. Notably, the organization had never performed a HIPAA risk analysis and failed to notify affected individuals within the required 60-day timeframe. As a result, Vision Upright MRI has agreed to a corrective action plan under OCR's supervision for two years and will pay a fine of $5,000 while improving compliance efforts.
The breach at Vision Upright MRI affected 23,031 patients and exposed a serious lapse in its compliance with HIPAA regulations concerning electronic health information security.
The OCR's compliance review highlighted that Vision Upright MRI had never conducted a HIPAA risk analysis, raising major concerns about its patient data security practices.
Vision Upright MRI's failure to notify affected individuals within 60 days of discovering the breach illustrates a significant violation of the Breach Notification Rule under HIPAA.
Under a resolution agreement, Vision Upright MRI will implement a corrective action plan and has committed to a two-year oversight period to ensure compliance.
Read at Databreaches