{"id":29915,"date":"2023-05-25T16:56:00","date_gmt":"2023-05-25T16:56:00","guid":{"rendered":"https:\/\/www.dinsmore.com\/?post_type=publications&#038;p=29915"},"modified":"2025-11-24T20:20:05","modified_gmt":"2025-11-24T20:20:05","slug":"settlement-reached-after-200000-affected-by-hipaa-breach","status":"publish","type":"publications","link":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/","title":{"rendered":"Settlement Reached After 200,000 Affected by HIPAA Breach"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<p>On May 16, 2023, the U.S. Department of Health and Human Services\u2019 Office for Civil Rights (\u201cOCR\u201d) <a href=\"https:\/\/www.hhs.gov\/about\/news\/2023\/05\/16\/hhs-office-civil-rights-settles-hipaa-investigation-arkansas-business-associate-medevolve-following-unlawful-disclosure-phi-unsecured-server-350-000.html\">announced<\/a> a $350,000 settlement with MedEvolve, Inc., a practice and revenue cycle management and practice analytics software services company, to resolve alleged violations of the Health Insurance Portability and Accountability Act (\u201cHIPAA\u201d) regulations. The settlement concludes OCR\u2019s five-year investigation into the business associate, after a breach notification report claiming a server containing the protected health information (\u201cPHI\u201d) of over 200,000 individuals was openly accessible on the Internet. Notably, OCR also found that MedEvolve failed to enter into a business associate agreement with a subcontractor and that the company\u2019s \u201cassessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by it as a business associate was not sufficiently accurate or thorough.\u201d<\/p>\n\n\n\n<p>In addition to a monetary settlement, MedEvolve has agreed to a two year <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/compliance-enforcement\/agreements\/medevolve-ra-cap\/index.html\">corrective action<\/a> plan, where OCR will monitor the business associate\u2019s compliance with HIPAA. Among other obligations, the corrective action plan requires MedEvolve to develop and implement a risk management plan to identify security risks and vulnerabilities, and augment its current HIPAA and Security training program.<\/p>\n\n\n\n<p>The HIPAA Privacy, Security, and Breach Notification Rules apply to most health care entities and those who maintain, access, use and\/or disclose PHI when they do business with them. This settlement serves as a reminder that it is critical for covered entities, business associates, and their subcontractors to comply with the requirements imposed by the HIPAA regulations, which includes securing (encrypting) PHI and entering into downstream business associate agreements. If you believe your organization has experienced a potential HIPAA breach, please contact a Dinsmore health care attorney.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On May 16, 2023, the U.S. Department of Health and Human Services\u2019 Office for Civil Rights (\u201cOCR\u201d) announced a $350,000 settlement with MedEvolve, Inc., a practice and revenue cycle management and practice analytics software services company, to resolve alleged violations of the Health Insurance Portability and Accountability Act (\u201cHIPAA\u201d) regulations. The settlement concludes OCR\u2019s five-year\u2026<\/p>\n","protected":false},"author":8,"featured_media":0,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"tags":[],"publication-type":[12],"class_list":["post-29915","publications","type-publications","status-publish","format-standard","hentry","publication-type-legal-alerts"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Settlement Reached After 200,000 Affected by HIPAA Breach - Dinsmore &amp; Shohl<\/title>\n<meta name=\"description\" content=\"Settlement Reached After 200,000 Affected by HIPAA Breach Read insights and legal analysis from attorneys at Dinsmore &amp; Shohl LLP.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Settlement Reached After 200,000 Affected by HIPAA Breach\" \/>\n<meta property=\"og:description\" content=\"Settlement Reached After 200,000 Affected by HIPAA Breach Read insights and legal analysis from attorneys at Dinsmore &amp; Shohl LLP.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"Dinsmore &amp; Shohl\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-24T20:20:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/\",\"url\":\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/\",\"name\":\"Settlement Reached After 200,000 Affected by HIPAA Breach - Dinsmore &amp; Shohl\",\"isPartOf\":{\"@id\":\"https:\/\/www.dinsmore.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg\",\"datePublished\":\"2023-05-25T16:56:00+00:00\",\"dateModified\":\"2025-11-24T20:20:05+00:00\",\"description\":\"Settlement Reached After 200,000 Affected by HIPAA Breach Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#primaryimage\",\"url\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg\",\"contentUrl\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.dinsmore.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Settlement Reached After 200,000 Affected by HIPAA Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dinsmore.com\/#website\",\"url\":\"https:\/\/www.dinsmore.com\/\",\"name\":\"Dinsmore & Shohl\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.dinsmore.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dinsmore.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.dinsmore.com\/#organization\",\"name\":\"Dinsmore & Shohl\",\"url\":\"https:\/\/www.dinsmore.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg\",\"contentUrl\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg\",\"width\":413,\"height\":54,\"caption\":\"Dinsmore & Shohl\"},\"image\":{\"@id\":\"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Settlement Reached After 200,000 Affected by HIPAA Breach - Dinsmore &amp; Shohl","description":"Settlement Reached After 200,000 Affected by HIPAA Breach Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/","og_locale":"en_US","og_type":"article","og_title":"Settlement Reached After 200,000 Affected by HIPAA Breach","og_description":"Settlement Reached After 200,000 Affected by HIPAA Breach Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.","og_url":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/","og_site_name":"Dinsmore &amp; Shohl","article_modified_time":"2025-11-24T20:20:05+00:00","og_image":[{"url":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/","url":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/","name":"Settlement Reached After 200,000 Affected by HIPAA Breach - Dinsmore &amp; Shohl","isPartOf":{"@id":"https:\/\/www.dinsmore.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#primaryimage"},"image":{"@id":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg","datePublished":"2023-05-25T16:56:00+00:00","dateModified":"2025-11-24T20:20:05+00:00","description":"Settlement Reached After 200,000 Affected by HIPAA Breach Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.","breadcrumb":{"@id":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#primaryimage","url":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg","contentUrl":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/HIPAA-LA-HEADER.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.dinsmore.com\/publications\/settlement-reached-after-200000-affected-by-hipaa-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.dinsmore.com\/"},{"@type":"ListItem","position":2,"name":"Settlement Reached After 200,000 Affected by HIPAA Breach"}]},{"@type":"WebSite","@id":"https:\/\/www.dinsmore.com\/#website","url":"https:\/\/www.dinsmore.com\/","name":"Dinsmore & Shohl","description":"","publisher":{"@id":"https:\/\/www.dinsmore.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dinsmore.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.dinsmore.com\/#organization","name":"Dinsmore & Shohl","url":"https:\/\/www.dinsmore.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg","contentUrl":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg","width":413,"height":54,"caption":"Dinsmore & Shohl"},"image":{"@id":"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/"}}]}},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications\/29915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications"}],"about":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/types\/publications"}],"author":[{"embeddable":true,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/users\/8"}],"version-history":[{"count":3,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications\/29915\/revisions"}],"predecessor-version":[{"id":62156,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications\/29915\/revisions\/62156"}],"wp:attachment":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/media?parent=29915"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/tags?post=29915"},{"taxonomy":"publication-type","embeddable":true,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publication-type?post=29915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}