News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By Adrianne Appel2024-02-07T21:51:00
Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
The medical center engaged in multiple data security shortcomings that violated the Health Insurance Portability and Accountability Act (HIPAA), including failing to safeguard patient medical information, conduct risk assessments of the security of the medical data in its files, and carry out policies and procedures that monitored access and activity to the information, the OCR said Tuesday in a press release.
The alleged failures came to light after the hospital was contacted by police in May 2015 about possible data theft of a particular patient’s medical information. Montefiore investigated and found that, two years earlier, an employee had stolen the medical information of 12,517 patients and sold that info to an identity theft ring, per the OCR. The hospital then filed a breach report with the regulator.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
2024-03-14T19:45:00Z By Adrianne Appel
Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
2023-12-08T16:48:00Z By Kyle Brasseur
Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights has reached under the Health Insurance Portability and Accountability Act.
2023-12-07T18:34:00Z By Adrianne Appel
Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.
2024-07-26T19:18:00Z By Jeff Dale
RTX Corp., the parent company of Raytheon, disclosed in a public filing it has reserved $1.24 billion to resolve legacy legal matters with the Department of Justice, Securities and Exchange Commission, and Department of State.
2024-07-26T15:51:00Z By Aaron Nicodemus
The U.K. Financial Conduct Authority issued a fine of $4.5 million (3.5 million pounds) against a U.K.-based subsidiary of crypto platform Coinbase for providing services to high-risk customers in violation of FCA rules.
2024-07-26T13:36:00Z By Adrianne Appel
Admera Health agreed to pay more than $5.5 million to resolve allegations first brought by two whistleblowers that it paid kickbacks to third-party contractors, the Department of Justice said.
Site powered by Webvision Cloud