“Investigators from the U.S. Department of Health and Human Services Office of Civil Rights (OCR) found that MCPN violated the HIPAA Security Rule by failing to do proper risk assessments or implement adequate cybersecurity measures and procedures.
“Specifically, MCPN has failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by MCPN,” OCR wrote in the official Resolution Agreement.
“Further, MCPN has failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.”
Investigators indicated the financial component of the settlement might have been higher but OCR considered the public benefit of the services provided by the nonprofit.”
Ensure that your business is fully HIPAA compliant by calling us at (651) 379-2035 or emailing us at info@proactivemanagedit.com
Author: Aldrin Brown