Federal regulators reach a $3 million HIPAA settlement in a case alleging that a medical imaging services provider delayed investigating and mitigating a breach involving patient information. The Department of Health and Human Services’ Office for Civil Rights says the case stems from a 2014 breach that affected 307,000 individuals. Under HIPAA, breaches affecting 500 or more individuals must be reported within 60 days. Touchstone Medical Imaging did not notify affected individuals or the news media until 147 days after it discovered the breach, the settlement agreement says.”]