University of Rochester Medical Center was slapped with a $3 million HIPAA settlement and a mandated corrective action plan after two data breaches. The Department of Health and Human Services’ Office for Civil Rights cited the medical center for a familiar finding: failure to conduct an enterprisewide risk analysis. Much has changed at URMC since the breaches at the center of OCR’s investigation, says Mark Ballister, the organization’s CISO. Ballister and Jon Moore, chief risk officer at privacy and security consulting firm Clearwater, also discuss how the hospital’s security risk management program has evolved.
Source: https://www.careersinfosecurity.com/case-study-carrying-out-hipaa-corrective-action-plan-a-17274

