In the second major HIPAA enforcement action announced by federal authorities this week, Massachusetts General Hospital and its physicians organization have entered into a resolution agreement that calls for paying a $1 million settlement and taking corrective action to avoid future violations.
The owner of four clinics in Maryland has been fined $4.3 million for HIPAA privacy rule violations that involved failing to provide 41 patients with access to their medical records and then failing to cooperate with federal investigators.
The federal list of major health information breaches included 240 incidents affecting 6.5 million individuals as of Thursday. But that number soon could grow substantially as a result of incidents that made headlines this week.
Some 1.7 million individuals are being notified of a health information breach incident involving data from The New York City Health and Hospitals Corp. It's the largest breach reported so far under the HITECH Act breach notification rule.
It's not enough to recover data after an incident; also essential is restoring the software needed to read the data, as Federal Emergency Management Agency has learned. The inspector general explains it all.
The University of Iowa Hospitals and Clinics is firing three employees and giving two others five-day unpaid suspensions because they inappropriately accessed the electronic health records of 13 student-athletes.
"Once you get over the idea that we don't have permanent world peace, and people may need to attack each other in particular circumstances ... then maybe there's a lot of good things to say about cyberweapons," says Peter Sommer of the London School of Economics' Information Systems and Innovation Group.