Published: Aug. 5, 2016, 4 p.m.
What happened?
- March 23, 2013 Oregon Health & Science University notified HHS of a breach due to a stolen unencrypted laptop.
- May 1, 2013 OCR notifies them they are investigating the incident
- July 28, 2013 Oregon Health & Science University notified HHS of another breach resulting from storing ePHI at an internet-based service provider without a business associate agreement
- November 8, 2013 OCR notifies them they are investigating the new incident
- July 18, 2016 settlement announced for $2.7 million and a 3 year CAP
What can we learn from this? Go to Help Me WithHIPAA.com/65