Buffalo Nonprofit Penalized for HIPAA Breach
A breach of patient privacy earlier this year will cost the Arc of Erie County $200,000. The Buffalo-based nonprofit discovered in February that clients’ electronic personal health information was published on its website. While the Arc of Erie County said the website was for internal use only, the exposed ePHI is considered a violation of the Health Insurance Portability and Accountability Act (“HIPAA”). The organization must now provide a risk analysis, evaluate its policies and procedures, and present its findings to the New York attorney general’s office.