June 3, 2020

June 03, 2020

Subscribe to Latest Legal News and Analysis

June 02, 2020

Subscribe to Latest Legal News and Analysis

June 01, 2020

Subscribe to Latest Legal News and Analysis

Latest HIPAA Settlement – Unpatched And Unsupported Software

The latest Office for Civil Rights (OCR) HIPAA settlement announced on December 8, 2014 highlights the OCR’s recent and continuing focus on the Security Rule. Anchorage Community Mental Health Services (ACMHS) agreed to settle potential HIPAA violations with a $150,000 fine and the adoption of a corrective action plan. This matter was prompted by ACMHS’ report to OCR of a breach of electronic protected health information (PHI) affecting about 2,700 individuals. The OCR determined that the incident was the direct result of ACMHS’ failure to identify and address basic risks such as running outdated and unsupported software, and failure to regularly update software patches. The OCR also noted that while ACMHS had adopted “sample” Security Rule policies and procedures in 2005, such policies and procedures were not followed.

This latest settlement provides the following key reminders to those subject to HIPAA:

  • The Security Rule, which relates to electronic PHI, continues to be a focus of the OCR;

  • A basic requirement of the Security Rule is that Covered Entities and Business Associates should regularly conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the security of electronic PHI;

  • Covered Entities and Business Associates should remain current on software and software patches to help avoid malware and other hacking incidents; and

  • HIPAA policies and procedures should be meaningful to your organization and should be regularly used, reviewed, and revised as necessary.



About this Author

The Barnes & Thornburg Healthcare Department regularly represents physicians, medical groups, managed care organizations, hospitals, nursing homes, and national healthcare-related associations located around the country. Given our healthcare practice, we understand the unique commercial and regulatory environment in which healthcare organizations operate. Our attorneys bring their problem-solving and consensus-building skills to listen carefully to the goals of their clients and recommend practical solutions.