Thursday, November 24, 2016

UMass Amherst Agrees to Pay $650,000 HIPAA Suit Fine

The University of Massachusetts Amherst has agreed to pay $650,000 to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).


The fine is lower than it might have been: the $650,000 settlement reflects the fact that the university operated at a financial loss in 2015, according to a statement from the Office for Civil Rights, which oversees HIPAA enforcement.


The breach happened on June 18, 2013, when a workstation in the university’s Center for Language, Speech, and Hearing was infected with malware. This resulted in the impermissible disclosure of the electronic protected health information (ePHI) of 1,670 people, including names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses and procedure codes.


The university determined that the malware was a generic remote access Trojan that infiltrated the system. It gave impermissible access to ePHI because UMass didn’t have a firewall in place.
