HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software

This is a HIPAA settlement and corrective action plan.

Final

Issued by: Office for Civil Rights (OCR)

Issue Date: July 06, 1905

HIPAA Settlement Reinforces Lessons for Users of Medical Devices

Lahey Hospital and Medical Center (Lahey) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Lahey will pay $850,000 and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Lahey is a nonprofit teaching hospital affiliated with Tufts Medical School, providing primary and specialty care in Burlington, Massachusetts.
