ePHI deleted: OCR settles another HIPAA investigation

Jan. 9, 2025
More than one Security Rule failure settled.

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) concluded another HIPAA violation investigation, settling $337,750 with USR Holdings, LLC.

Nearly 3,000 patients’ electronic protected health information (ePHI) was retrieved by an “unauthorized third party/parties who were able to delete ePHI in the database,” according to an HHS release.

Upon conducting their investigation, OCR found the organization was failing to “conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems; to regularly review its information system activity; and to establish and implement procedures to create and maintain retrievable exact copies of ePHI.”

USR will take several steps recommended by OCR to resolve and prevent future breaches.  

HHS release

ID 127007370 © Monkey Business Images | Dreamstime.com
dreamstime_xxl_127007370_1
ID 279258836 © Yuri Arcurs | Dreamstime.com
dreamstime_xxl_279258836
ID 325004540 © Yuri Arcurs | Dreamstime.com
dreamstime_xxl_325004540