Oregon Health and Science University (OHSU) was accused of violating HIPAA in connection with two data breaches involving protected health information (PHI). The first breach revolved around a stolen laptop. The second breach occurred when OHSU contracted for cloud storage without securing a business associate agreement.
Although these violations have not yet caused harm to any OHSU patients, the healthcare institution has taken responsibility by agreeing to pay $2.7 million in fines and by implementing a stringent 3-year plan to ensure that the university is following HIPAA standards.
In a statement, CIO Bridget Barnes said, “In the face of these challenges, OHSU is proactively working to ensure the creation of a sustainable gold standard for protected health information security and HIPAA compliance.”