The U.S. Department of Health & Human Services’ Office of for Civil Rights (HHS OCR) has made it very clear that it’s the operator’s responsibility to police its own data policies—even among employees. Memorial Healthcare Systems (MHS) found that out the hard way, and now has to pay HHS $5.5 million to settle “potential violations” of HIPAA’s Privacy and Security rules, and to implement a “robust” 3-year corrective action plan and resolution agreement. HHS came …
Read More