Spencer Fane attorneys Stacy Harper, Shannon Bond, Hillary Martel, and Shawn Tuma recently published an article featured in Law360 discussing a large Office of Civil Rights (OCR) investigation and settlement.
Titled “Compliance Lessons From $1M HHS Fine For Data Breach,” the article outlines the nature of the Lifespan Health System breach, the factors affecting the settlement, and the takeaways other entities can utilize to avoid a similar incident.
“Upon seeing the settlement amount and number of patients affected, some might, at first glance, believe the settlement amount to be out of proportion for a breach only affecting 20,431 patients,” the authors explained in the article. “For Lifespan, even though only 20,431 patients’ ePHI was breached, the OCR’s investigation revealed that Lifespan failed to take basic measures to protect ePHI from a breach, and the OCR took stronger steps as a result.”
To read a pdf of the full article, please click here (originally published on Law360).