L.A. Care agrees to $1.3M settlement for breach-related HIPAA violations

Major U.S. public health plan L.A. Care has agreed to resolve possible Health Insurance Portability and Accountability Act violations stemming from data breaches with a $1.3 million settlement, reports FierceHealthcare. Such a settlement covers breaches that impacted L.A. Care in 2014 and 2019, with the health insurance provider found to have lacked any regular information system activity review processes and appropriate breach-preventing security measures, as well as failed to conduct periodic evaluations following operational and environmental modifications, according to the Department of Health and Human Services Office for Civil Rights. Aside from paying the settlement fee, L.A. Care has been ordered by the OCR to establish a risk management plan concerning online patient data, notify the HHS regarding employee noncompliance with HIPAA rules and any changes that may impact patient data security, conduct system vulnerability risk assessments, and develop risk analysis policies and procedures to be shared with its employees.