July 22, 2016. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced on July 21, 2016, a $2.75 million settlement with the University of Mississippi Medical Center (UMMC) for failing to implement risk management measures, of which it had been aware for a long time, until after a breach of unsecured electronic protected health information occurred, affecting approximately 10,000 individuals.
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced on July 18, 2016, a $2.7 million settlement with Oregon Health and Science University (OHSU), a large academic health center and research university in Portland, OR, for multiple HIPAA violations, including multiple breaches of unsecured protected health information on portable devices and the storage of electronic protected health information (ePHI) on a cloud-based server without initiating a business associate agreement. OCR and OHSU agreed to a 3-year resolution agreement and corrective action plan.
On July 11, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a document entitled "Fact Sheet: Ransomware and HIPAA". The purpose of the document was to inform covered entities and business associates how they could enhance security measures to reduce the likelihood of having their electronic protected health information held hostage in a ransomware attack.