Having twice unknowingly had patient information stolen in 2015, 21st Century Oncology, a large organization with 143 treatment centers in 17 states, has reached agreement with the HHS Office for Civil Rights on a corrective action plan to comply with the HIPAA privacy and security rules.
21st Century Oncology also will pay a $2.3 million civil money penalty to OCR.
The FBI in 2015 on two occasions notified the organization that patient information had been taken by an unauthorized third party, including patient files purchased by an FBI informant.
