The US Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules with iHealth Solutions, LLC (doing business as Advantum Health), a Kentucky-based business associate that provides coding, billing, and onsite information technology services to healthcare providers. The settlement involved a data breach, where a network server containing the protected health information of 267 individuals was left unsecure on the internet. In addition to the impermissible disclosure of protected health information, OCR’s investigation found evidence of the potential failure by iHealth Solutions to have in place an analysis to determine risks and vulnerabilities to electronic protected health information across the organization.
iHealth Solutions has paid $75,000 to OCR and agreed to implement a corrective action plan, which identifies steps iHealth Solutions will take to resolve potential violations of the HIPAA Privacy and Security Rules and protect the security of electronic protected health information. Under the terms of the settlement agreement, iHealth Solutions will be monitored by OCR for two years to ensure compliance with the HIPAA Security Rule.