Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
The medical center engaged in multiple data security shortcomings that violated the Health Insurance Portability and Accountability Act (HIPAA), including failing to safeguard patient medical information, conduct risk assessments of the security of the medical data in its files, and carry out policies and procedures that monitored access and activity to the information, the OCR said Tuesday in a press release.
