First settlement for a smaller HIPAA breach
As the Regulatory and Litigation leader of Holland & Knight's Healthcare & Life Sciences Team and co-chair of the Cybersecurity and Privacy Team, Partner Shannon Hartsfield discusses the essential updates you need to know after the Department of Health and Human Services announced the very first HIPAA breach settlement involving fewer than 500 individuals. In this article, she delves into the following topics:
- HIPAA penalties are not reserved for large breaches
- Addressing a breach quickly won’t insulate an organization from penalties
- A breach gives OCR the opportunity to uncover other problems
- Even smaller covered entities will be held accountable
- Companies should look for gaps in current compliance plans
READ: First settlement for a smaller HIPAA breach