Federal health officials have ordered the University of Texas MD Anderson Cancer Center to pay a $4.3 million fine for failing to secure health records stemming from data breaches.
The Houston Chronicle reports the U.S. Department of Health and Human Services announced that MD Anderson’s failure to encrypt health records violated the 1996 patient privacy law known as the Health Insurance Portability and Accountability Act.
The case involves three incidents in 2012 and 2013 when the center’s devices were either stolen or lost, potentially compromising the health records of 35,000 people. The Office of Civil Rights’ investigation into the data breaches found the center didn’t fully encrypt all of its devices during that time.
MD Anderson had alleged the center wasn’t subject to encryption requirements because the health information involved was being used for research.
Topics Texas
Was this article valuable?
Here are more articles you may enjoy.
Bessent Says Hormuz Ships Insurance Program to Start Soon 
Tennessee Approves Smallest Drop in Workers’ Compensation Costs in Years 
Fannie Mae, Freddie Mac Will Again Accept Actual Cash Value Home Insurance 
After 62 Years, Florida Appeals Court Drops the Expert Witness Rule on Attorney Fees 
