The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has investigated the practice of Steven A. Porter, M.D., and found a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
Dr. Porter agreed to settle with a $100,000 fine and the adoption of a corrective plan which will come with an observation period of two years.
Dr. Porter’s Ogden, Utah practice sees over 3,000 patients per year. His practice offers gastroenterology services.
Originally, the Office for Civil Rights (OCR) began an investigation at Dr. Porter’s practice due to a breach report filed over a dispute with a business associate. Through the investigation of this report, evidence determined that Dr. Porter’s practice had failed to conduct a risk analysis at the time the report was filed and failed to conduct a risk analysis after the breach as well. Alongside this, Dr. Porter’s office was found to not have applied suitable security measures post-breach to reduce the risk of further compromising sensitive patient information.
Director Roger Severino of the Office for Civil Rights (OCR) has commented; “All health care providers, large and small, need to take their HIPAA obligations seriously. The failure to implement basic HIPAA requirements, such as an accurate and thorough risk analysis and risk management plan, continues to be an unacceptable and disturbing trend within the health care industry.”
Read the Department of Health and Human Service’s Website here.
The resolution agreement can be found here on the Department of Health and Human Service’s website.
Having trouble finding trustworthy IT support?
Please contact us to schedule a consultation.