Last week OCR announced a settlement with Metro Community Provider Network (MCPN) from Denver, Colorado following a data breach that exposed ePHI for 3,200 individuals. The settlement included a $400,000 fine and the implementation of a corrective action plan. Additional details can be found in the press release.
"On January 27, 2012, MCPN filed a breach report with OCR indicating that a hacker accessed employees' email accounts and obtained 3,200 individuals' ePHI through a phishing incident. OCR’s investigation revealed that MCPN took necessary corrective action related to the phishing incident; however, the investigation also revealed that MCPN failed to conduct a risk analysis until mid-February 2012."
MCPN filed a breach report at the end of January 2012, but had not done a risk analysis until mid February.
Focal Point’s HIPAA Risk Advisor is a cloud-based platform that simplifies and accelerates HIPAA compliance initiatives. HIPAA Risk Advisor includes an automated security risk assessment tool and access to a dedicated HIPAA security expert to navigate you through the entire process, providing a risk and gap analysis with recommendations to improve security.
HIPAA Risk Advisor is primarily delivered through our IT Service Provider channel partners. These partners are ready to assist with remediation services to reduce risk and help both Covered Entities and Business Associates achieve compliance.
Interested in becoming a partner? Want to find a partner in your area? Learn more at hipaariskadvisor.com/partner or contact Steve Hellin at shellin@focal-point.com