Children’s Hospital Colorado Fined $548,265 for HIPAA Privacy and Security Rules Violations by OCR
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a civil monetary penalty of $548,265 against Children’s Hospital Colorado for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. These violations were reported in breach reports received in 2017 and 2020, relating to email phishing and cyberattacks. OCR is responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, which outline the requirements that covered entities (such as health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the [...]