Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University - July 18, 2016

Subject: Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University

Oregon Health & Science University (OHSU) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules following an investigation by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) that found widespread and diverse problems at OHSU, which will be addressed through a comprehensive three-year corrective action plan. The settlement includes a monetary payment by OHSU to the Department for $2,700,000.

Read the HHS Press Release
Read the Resolution Agreement and Corrective Action Plan

Content created by Office for Civil Rights (OCR)
Content last reviewed July 18, 2016