OCR's investigation found potential violations of the HIPAA Rules including failure to conduct an enterprise-wide risk analysis, and failures to implement risk management, information system activity review, and access controls.
"Hacking continues to be the greatest threat to the privacy and security of individuals' health information. In this case, a health plan did not stop hackers from roaming inside its health record system undetected for over a year which endangered the privacy of millions of its beneficiaries," said OCR Director
In addition to the monetary settlement,
*/ People using assistive technology may not be able to fully access information in this file. For assistance, contact the