A Utah gastroenterologist has agreed to pay the HHS' Office of Civil Rights $100,000 for a corrective action plan related to a potential violation of a HIPAA security rule.
Steven A. Porter, MD, came under investigation after his practice filed a breach report involving a business associate. It was discovered Dr. Porter hadn't conducted a risk analysis during and after the breach and also hadn't adopted security measures to help prevent future breaches by addressing potential vulnerabilities.
"The failure to implement basic HIPAA requirements, such as an accurate and thorough risk analysis and risk management plan, continues to be an unacceptable and disturbing trend within the healthcare industry," said Roger Severino, director of the OCR.
Dr. Porter must also follow a corrective action plan with two years of monitoring