The University of Washington Medicine will pay $750,000 in a settlement with the Health and Human Services Department's Office for Civil Rights after a potential HIPAA violation.
HHS began its investigation of the healthcare system after the report of a breach on Nov. 27, 2013, that may have impacted the personal health information of 90,000 consumers. The breach occurred when an employee downloaded an attachment to an email that had malware in it, according to HHS.
HHS found that UWM did not ensure its affiliated entities were conducting risk assessments and responding to vulnerabilities. In addition to the fine, UWM also must create a corrective action plan and create annual reports on compliance efforts. Announcement