The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) concluded another HIPAA violation investigation, settling $337,750 with USR Holdings, LLC.
Nearly 3,000 patients’ electronic protected health information (ePHI) was retrieved by an “unauthorized third party/parties who were able to delete ePHI in the database,” according to an HHS release.
Upon conducting their investigation, OCR found the organization was failing to “conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems; to regularly review its information system activity; and to establish and implement procedures to create and maintain retrievable exact copies of ePHI.”
USR will take several steps recommended by OCR to resolve and prevent future breaches.
