On May 6, 2019, Thora Johnson was quoted in Bloomberg Law on the $3 million fine Touchstone Medical Imaging will pay the government after an investigation revealed the firm exposed 300,000 patient records to the public.
According to the article, Touchstone signed a resolution agreement with the Department of Health and Human Services Office for Civil Rights (OCR) and agreed to enter into a two-year corrective action plan. The hefty settlement is due in part to Touchstone's failure to investigate the records exposure until several months after the FBI and the OCR informed the firm about the data breach.
The settlement signals that the OCR is still in the enforcement game, despite the recent announcement that it is reducing the penalty caps for a number of privacy and security violations, said Johnson.
Touchstone's settlement highlights the importance of thoroughly and quickly investigating and remediating any security incidents, Johnson said. "The settlement serves as yet another reminder that OCR expects covered entities and business associates to timely notify OCR, individuals, and the media."