
2017 Financial, Operations Management / IT Conference

IFD4 - HIPAA Compliance After the First Health Center Settlement

Oct 27, 2017 3:30pm ‐ Oct 27, 2017 5:00pm


In April 2017, the Office for Civil Rights (OCR) announced a $400,000 HIPAA settlement with a federally qualified health center. Although the health center responded appropriately to an email phishing incident affecting over 3,000 patient records, OCR found that the health center failed to complete the required risk assessment process and failed to implement any corresponding risk management plans to address the risks and vulnerabilities identified in a risk analysis. With each settlement announced, OCR is sending a message to similar health care entities, and this time the message was clearly directed at health centers.

In this session, we'll review the health system settlement and several other recent settlements to identify enforcement trends, settlement trends, and lessons learned.

  • Identify key HIPAA Privacy and Security Rule enforcement actions relevant to health centers and other community providers.
  • Understand risk assessment and risk management requirements under HIPAA.
  • Draft activities related to HIPAA risks for inclusion in their health center's compliance work plan.


  • Dianne Pledgie, Esq., Partner and Compliance Counsel, Feldesman Tucker Leifer Fidell LLP
