Another big HIPAA fine was announced today by the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Oregon Health & Science University ( OHSU), which is up the hill from my alma mater Portland State University, has agreed to pay a whopping $2,7000,000 to settle HIPAA violations found during an investigation by OCR.
The investigation began after OHSU submitted several breach reports that affected thousands of individuals. The breaches included:
If these types of breaches sound familiar, it's because they are! We've previously written about these same types of offenses happening to others:
Although OHSU did perform risk analyses, OCR’s investigation found these analyses did not cover their entire enterprise, as required by the HIPAA Security Rule. In addition, while vulnerabilities and risks to PHI were found in many areas of the organization, OHSU did not act in a timely manner to implement measures to address these risks. Furthermore, OHSU lacked policies and procedures to prevent, detect, and correct security violations. Lastly, they failed to implement disk encryption for their workstations, despite having identified this lack of encryption as a risk.
Regardless of whether you can use a Mac or a PC, free disk encryption utilities are available for each operating system. Encrypting your computer's hard drive is a crucial component of HIPAA compliance and should not be overlooked.
SEE ALSO: Free Windows Encryption tools for HIPAA Compliance
SEE ALSO: Free Disk Encryption for Mac OS