Need tech support? :

Talk to an Expert: : 512.693.8743 x 1


Importance of Thorough Risk Assessment Highlighted by Recent HIPAA Enforcement Action

Last month there were several HIPAA Enforcement Actions taken by the  U.S. Department of Health and Human Services Office for Civil Rights (OCR), one of which was as a result of an inadequate risk assessment. 

 The Office for Civil Rights has imposed a 1.6 million dollar civil money penalty against the Texas Health and Human Services Commission (TX HHSC) for HIPAA violations. TX HHSC operates state supported living centers; provides mental health and substance use services; regulates child care and nursing facilities; and administers hundreds of programs for people who need assistance.

 TX HHSC reported a breach to the OCR in June of 2015, stating that over 6,000 individual’s electronic protected health information (ePHI) had been accessible on the internet. The breach was discovered by a user who was able to access ePHI without entering credentials. This was made possible when a application was moved from a private secure server to a public server. During the OCR’s investigation, they determined that in part the lack of a enterprise wide risk analysis had lead to the breach. 

You can find more information on this breach and other recent HIPAA Enforcement Actions at the links provided below.

 Here is the link to the OCR’s full press release on the enforcement action.

Here is a link to a summary of some of the other HIPAA Enforcement Actions taken recently.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top