HIPAA Violation

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has reached a settlement with Health Fitness Corporation following a HIPAA violation involving the unauthorized online exposure of electronic protected health information (ePHI). The breach occurred due to a software misconfiguration, making sensitive health data accessible online. This violation highlights the importance of maintaining proper security controls and conducting regular risk assessments to prevent unauthorized data exposure.

Investigations and audits are being triggered by patient complaints. One such complaint that was investigated by OCR cost the office $28,000 and were found to be violating several HIPAA regulations.