Federally qualified health center settles $400,000 HIPAA breach

From ADA News:

The federal government in April settled a potential violation of the Health Insurance Portability and Accountability Act with a Denver-area federally qualified health center that was reportedly the victim of a 2012 phishing attack.

Source: Federally qualified health center settles $400,000 HIPAA breach

Another big fine. TheĀ breach was from an e-mail scam that took place in 2012 before the new omnibus rules went into effect. Essentially they were fined for not conducting and documenting anĀ assessment.

On the one hand this seems harsh fining someone who was the victim of a scam. On the other hand it is the responsibility of the health care entity to train employees to detect and avoid phishing attacks or to restrict use of the Internet.

Leave a Reply

Your email address will not be published.