Secure Healthcare Data

ISU Settles HIPAA Breach with $400,000 Fine, Agreement to Enhance Security Measures

On May 21, 2013, the Department of Health and Human Services (HHS) announced a resolution agreement and settlement of $400,000 with Idaho State University (ISU) due to a breach that impacted 17,500 individuals. The breach occurred at the Pocatello Family Medicine Clinic when servers at ISU had their firewall protections disabled, leaving electronic protected health information (ePHI) unsecured for a minimum of ten months.

Following the breach report submitted to the HHS Office for Civil Rights (OCR), an investigation revealed that ISU had allegedly failed to comply with HIPAA Security Rule requirements. Specifically, the investigation found that ISU had conducted an incomplete and inadequate risk analysis and had not properly implemented procedures to regularly review records of information system activity to determine whether any ePHI was used or disclosed improperly.

As part of the resolution agreement, ISU agreed to implement additional safeguards to protect ePHI and to provide training to its employees on HIPAA compliance. The $400,000 settlement will be used by HHS to fund programs aimed at improving patient privacy and protecting ePHI from future breaches.
