Therapy Comply - HHS Office for Civil Rights Settles HIPAA Investigation with Arizona Hospital System Following Cybersecurity Hacking

Upcoming Webinars

OSHA Requirements for Therapy Practices and Facilities

29 May 2024 12:00 PM (CDT)
OSHA Requirements for Therapy Practices and Facilities

30 May 2024 12:00 PM (EDT)

Site Updates

Short Webinar - Medicare Assistants in 2024

6 May 2024 7:47 AM

Zachary Edgar
2024 Q2 NCCI Updates

18 Mar 2024 4:28 PM

Zachary Edgar
North Carolina Physical Therapy Compliance Guides

18 Mar 2024 3:57 PM

Zachary Edgar
Illinois Physical Therapy Compliance Guides

12 Mar 2024 12:00 PM

Zachary Edgar
Congress Reduces Medicare Rate Cut

9 Mar 2024 11:22 AM

Zachary Edgar

Disclaimer

The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Home
HIPAA
HIPAA Blog
HHS Office for Civil Rights Settles HIPAA Investigation with Arizona Hospital System Following Cybersecurity Hacking

Back to list

HHS Office for Civil Rights Settles HIPAA Investigation with Arizona Hospital System Following Cybersecurity Hacking

2 Feb 2023 12:04 PM | Zachary Edgar (Administrator)

Banner Health pays $1.25 million to settle cybersecurity breach that affected nearly 3 million people

OCR has announced a settlement with Banner Health Affiliated Covered Entities (“Banner Health”), a nonprofit health system headquartered in Phoenix, Arizona, to resolve a data breach resulting from a hacking incident by a threat actor in 2016 which disclosed the protected health information of 2.81 million consumers. The potential violations specifically include: the lack of an analysis to determine risks and vulnerabilities to electronic protected health information across the organization, insufficient monitoring of its health information systems’ activity to protect against a cyber-attack, failure to implement an authentication process to safeguard its electronic protected health information, and failure to have security measures in place to protect electronic protected health information from unauthorized access when it was being transmitted electronically. As a result, Banner Health paid $1,250,000 to OCR and agreed to implement a corrective action plan, which identifies steps Banner Health will take to resolve these potential violations of the HIPAA Security Rule and protect the security of electronic patient health information:

Read the HHS Press Release

Read the Resolution Agreement and Correction Action Plan

Reference

HIPAA News Releases & Bulletins

Therapy Comply does not claim copyright over US Federal and State materials

About Us

Therapy Comply is a healthcare compliance firm that seeks to bring high quality web-based compliance guidance and one-on-one consulting services to small and medium size physical, occupational, and speech therapy practices.

Learn More

Join Us

Join today as either a monthly or a yearly member and enjoy full access to the site and a significant discount to our live and recorded webinars. Members also have access to compliance and billing support.

Join Today

Find Us