ISU To Pay $400,000 Breach Fine
HEALTHCARE PRIVACY—U.S.May 23, 2013
The Department of Health and Human Services (HHS) has released a resolution agreement following Idaho State University’s (ISU) HIPAA violations dating back to August 2011, Health IT Security reports. ISU will pay $400,000 in penalties for exposing data on 17,500 patients by disabling a firewall for at least 10 months, the report states. HHS found ISU committed violations including failing to conduct a risk analysis of the confidentiality of its electronic personal health records and failing to implement sufficient security measures to reduce risk. ISU has entered into a corrective action plan agreement with HHS.