The HHS Office for Civil Rights has once again sanctioned a healthcare provider organization for violating HIPAA privacy and security rules.
The University of Massachusetts Amherst, known as UMass, will pay a $650,000 settlement fine and enter into a two-year corrective action plan.
The sanctions follow UMass's June 2013 report to OCR that a malware-infected workstation had resulted in the disclosure of protected health information on 1,670 individuals. The malware infected a workstation in the UMass Center for Language, Speech and Hearing because no firewall was in place.