The University of Rochester Medical Center (URMC) has agreed to pay $3 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. URMC filed breach reports with OCR in 2013 and 2017 following its discovery that protected health information (PHI) had been impermissibly disclosed through the loss of an unencrypted flash drive and theft of an unencrypted laptop, Of note, in 2010, OCR investigated URMC concerning a similar breach involving a lost unencrypted flash drive and provided technical assistance to URMC. Despite the previous OCR investigation, and URMC's own identification of a lack of encryption as a high risk to ePHI, URMC permitted the continued use of unencrypted mobile devices.
Product Categories
- Applicant & Employee Assessment22 products
- Employee Training1818 products
- Webinars1818 products
- Federal & State Posters44 products
- Forms4747 products
- ADA Forms33 products
- Attendance Forms66 products
- FMLA Forms66 products
- New Employee Forms99 products
- Performance Management Forms77 products
- Personnel File Folders & Kits33 products
- Pre-Employment Forms99 products
- Separation Forms44 products
- Manuals1212 products
- Resources33 products