HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000

OCR has announced a settlement of potential violations of the HIPAA Rules with MedEvolve, Inc., a business associate that provides practice management, revenue cycle management, and practice analytics software services to covered health care entities. The settlement concludes OCR’s investigation of a data breach, where a server containing the protected health information of 230,572 individuals was left unsecure and accessible on the internet.

Read the HHS Press Release
Read the Resolution Agreement and Correction Action Plan

Content created by Office for Civil Rights (OCR)
Content last reviewed May 16, 2023

HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000

Subscribe to Email Updates

Disclaimer Policy: Links with this icon () mean that you are leaving the HHS website.