The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) resolved another Health Insurance Portability and Accountability Act of 1996 (HIPAA) cybersecurity issue.
After conducting an inquiry of Vision Upright MRI, OCR found the provider never performed a HIPAA risk assessment, resulting in the breach of over 20,000 patients’ medical images. Additionally, Vision Upright MRI did not notify the patients of the incident in a timely manner.
The provider and OCR reached a settlement agreement of $5,000 and a corrective action plan, according to HHS.
