Elgon Information Systems was fined $80,000 by the OCR for failing to conduct a risk analysis as required under the HIPAA Security Rule.
NuLLFiXThe U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today that Elgon Information Systems (Elgon), a Massachusetts-based company providing electronic medical record and billing support services to covered entities, has agreed to an $80,000 settlement for violations of the HIPAA Security Rule. OCR enforces HIPAA's Privacy, Security, and Breach Notification Rules, which outline the responsibilities of covered entities—such as health plans, healthcare clearinghouses, and healthcare providers—and their business associates in safeguarding protected health information (PHI). The HIPAA Security Rule establishes national standards to protect electronic PHI (ePHI) through administrative, physical, and technical safeguards. This settlement [...]