Oregon Health & Science University Agrees to Pay $2.7M to Settle 2013 Data Breaches | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Oregon Health & Science University Agrees to Pay $2.7M to Settle 2013 Data Breaches

July 14, 2016
by Rajiv Leventhal
| Reprints

Oregon Health & Science University (OHSU) has signed a resolution agreement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) following an investigation of two data breaches of electronic protected health information (PHI) that occurred in 2013.

In one of the incidents, information of more than 3,000 patients at OHSU was compromised after medical residents inappropriately stored the data on a cloud computing system. The other incident that year involved a stolen laptop containing the information of more than 4,000 patients. The resolution agreement just signed by the organization includes a one-time payment of $2.7 million and a rigorous three-year corrective action plan, according to an OHSU press release.

OHSU attests that no harm has been reported by any patients involved in either incident. Following an internal investigation in 2013, OHSU reported the breaches to OCR; offered free identity theft protection services to patients at risk for identity theft; established a 1-800-number to answer patient questions and concerns; implemented enhanced computer encryption across the university; and issued press releases outlining the incidents.

Over the next few months and beyond, OHSU integrity and information security experts will work with the consultant and the institution’s steering committee to identify patient information security risks or vulnerabilities, and make regular reports to OCR, and implement any necessary mitigation strategies, officials say.

“Patient privacy has been and always will be a top priority at OHSU. OHSU is continuously working to improve protection of patient information data in a constantly changing security and technology landscape,” said Bridget Barnes, OHSU CIO. “The two breaches that occurred in 2013 were stark reminders to OHSU how vigilant we must be. We made significant data security enhancements at the time of the incidents and now are investing at an unprecedented level in proactive measures to further safeguard patient information.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.