Overlooking risks leads to breach, $400,000 settlement

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the lack of a security management process to safeguard electronic protected health information (ePHI). Metro Community Provider Network (MCPN), a federally-qualified health center (FQHC) of Denver, Colorado has agreed to settle potential noncompliance with the HIPAA Rules by paying $400,000 and implementing a corrective action plan.

Content created by Office for Civil Rights (OCR)
Content last reviewed