May 9, 2021

Volume XI, Number 129

Medical Imaging Company Pays $3 Million Data Security Fine

A medical imaging company is paying for its flawed data security system. In addition to its system failures, the company failed to investigate and respond properly when alerted to problems by the FBI. As a result, the Office of Civil Rights imposed a $3 million penalty and required a corrective action plan. This is yet another warning to the health care industry that data security matters.

Office of Civil Rights Enforcement

The Office of Civil Rights (OCR) in the U.S. Department of Health and Human Services investigates and enforces violations of HIPAA, the Health Insurance Portability and Accountability Act. In this case, OCR investigated a medical imaging company that allowed privacy information about more than 300,000 patients to be visible on the internet.

Compounding The Failure

OCR reported that an “insecure transfer protocol (FTP) web server” permitted internet searches to access social security numbers and other patient data. Because the company had not conducted a risk assessment, it did not identify the problem. In fact, it did not even have required Business Associate Agreements in place with its vendors. Compounding all this, the company declined to “identify and respond” for more than four months after the FBI notified the company of the failure.

Prevention Is The Cure

Every company handling ePHI (electronic protected health information) must protect its patients and itself.

© Copyright 2021 Squire Patton Boggs (US) LLP
National Law Review, Volume IX, Number 150

About this Author

Thomas E. Zeno, Squire Patton Boggs, Healthcare Fraud Lawyer, Economic Crimes Attorney
Of Counsel

Thomas Zeno has more than 25 years of experience in the US Attorney’s Office for the District of Columbia. During that time, Tom investigated and prosecuted economic crimes involving healthcare, financial institutions, credit cards, computers, identity theft and copyrighted materials. As the office’s Healthcare Fraud Coordinator for the last eight years, Tom supervised investigation strategies of agents from the Federal Bureau of Investigation, the Department of Health and Human Services, the Drug Enforcement Administration and the Medicaid Fraud Control Unit regarding...

202 626 6213
John E. Wyand, Squire Patton Boggs, Healthcare Lawyer, UK
Partner

John Wyand, a Partner in our Healthcare policy practice group in Washington DC, focuses on advising healthcare and life sciences companies and providers on legal, policy and regulatory issues. Additionally, he regularly assists hospitals and physician groups in developing strategies for hospital/physician alignment, mergers and acquisitions, and fraud and abuse compliance.

202 626 6676