iHealth Solutions is a Business Associate and settled an information breach affecting 267 people

Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) introduced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules with iHealth Solutions, LLC (doing enterprise as Advantum Health), a Kentucky-based enterprise affiliate that gives coding, billing, and onsite info know-how companies to well being care suppliers.  The settlement concerned an information breach, the place a community server containing the protected well being info of 267 people was left unsecure on the web.  The HIPAA Privacy, Security, and Breach Notification Rules set the necessities that HIPAA-regulated entities should comply with to guard the privateness and safety of well being info.

“HIPAA business associates must protect the privacy and security of the health information they are entrusted with by HIPAA covered entities,” mentioned OCR Director Melanie Fontes Rainer. “Effective cybersecurity includes ensuring that electronic protected health information is secure, and not accessible to just anyone with an internet connection.”

In August 2017, OCR initiated an investigation of iHealth Solutions following the receipt of a breach report stating that iHealth Solutions had skilled an unauthorized switch of protected well being info, often known as exfiltration, from its unsecured server. The protected well being info included affected person names, dates of beginning, addresses, Social Security numbers, e mail addresses, diagnoses, therapy info, medical procedures, and medical histories. In addition to the impermissible disclosure of protected well being info, OCR’s investigation discovered proof of the potential failure by iHealth Solutions to have in place an evaluation to find out dangers and vulnerabilities to digital protected well being info throughout the group.

iHealth Solutions has paid $75,000 to OCR and agreed to implement a corrective motion plan, which identifies steps iHealth Solutions will take to resolve potential violations of the HIPAA Privacy and Security Rules and shield the safety of digital protected well being info. Under the phrases of the settlement settlement, iHealth Solutions shall be monitored by OCR for 2 years to make sure compliance with the HIPAA Security Rule. iHealth Solutions has agreed to take the next steps:

• Conduct an correct and thorough evaluation of its group to find out the potential dangers and vulnerabilities to the digital protected well being info it holds;
• Develop and implement a threat administration plan to handle and mitigate recognized safety dangers and vulnerabilities to the confidentiality, integrity, and availability of its digital protected well being info;
• Implement a course of to guage environmental and operational modifications that have an effect on the safety of digital protected well being info; and
• Develop, keep, and revise, as mandatory, its written HIPAA insurance policies and procedures.

The decision settlement and corrective motion plan could also be discovered at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/ihealth-ra-cap/index.html

OCR is dedicated to imposing the HIPAA Rules that shield the privateness and safety of peoples’ well being info. If you imagine that your or one other particular person’s well being info privateness or civil rights have been violated, you possibly can file a criticism with OCR at https://www.hhs.gov/ocr/complaints/index.html.