An administrative law judge (“ALJ”) recently ruled that the University of Texas MD Anderson Cancer Center (“MD Anderson”) in Houston must pay a $4.3 million fine to HHS Office of Civil Rights (“OCR”) for HIPAA data privacy and security violations. It is the fourth largest HIPAA-related settlement ever paid to the OCR. The ALJ fines included daily fines for MD Anderson’s non-compliance over a 22-month period and annual fines of $1.5 million for each of two calendar years. With respect to the $4.3 million penalty, the ALJ noted that MD Anderson is a “multi-billion dollar per year business” and “remedies
Read More