***The Iowa Standard is an independent media voice. We rely on grassroots financial supporters to exist. If you appreciate what we do, please consider a one-time sign of support or becoming a monthly supporter (even just $5/month would go a long way in sustaining us!) We also offer advertising options for advocacy groups, events and businesses! If you’ve ever used the phrase “Fake News Media” — this is YOUR chance to do something about it! You can also support us on PayPal at [email protected] or Venmo at Iowa-Standard-2018 or through the mail at: PO Box 112 Sioux Center, IA 51250 Thank you so much for your support and please invite your friends and family to like us on Facebook, sign up for our email newsletter and visit our website!***

Iowa Attorney General Tom Miller joined 27 other attorneys general to obtain a $5 million judgment against Tennessee-based CHS/Community Health Systems, Inc., and its subsidiary, CHSPSC LLC. This judgment resolves an investigation of a data breach that affected approximately 6.1 million patients, including 7,002 Iowans.

At the time of the 2014 data breach, CHS owned, leased, or operated 206 affiliated hospitals. Exposed in the breach were the names, birthdates, Social Security numbers, phone numbers, and addresses of patients, according to a petition filed in Polk County District Court.

The judgment, agreed to by CHS, requires a $5 million payment to the states, including $38,895 to Iowa.  CHS also agrees to implement and maintain a comprehensive information security program reasonably designed to safeguard personal information and protected health information, which will include specific information security requirements.

“CHS failed to implement and maintain reasonable security practices,” Miller said. “The terms of this settlement will help ensure that patient information will be protected from unlawful use or disclosure.”

Specific information security measures contained in the agreed judgment include the requirements to develop a written incident response plan; to incorporate security awareness and privacy training for all personnel who have access to protected health information; to limit unnecessary or inappropriate access to protected health information and to implement specific policies and procedures regarding business associates, including use of business associate agreements and audits of business associates.

In addition to Iowa, other states participating in this settlement include Alaska, Arkansas, Connecticut, Florida, Illinois, Indiana, Kentucky, Louisiana, Massachusetts, Michigan, Mississippi, Missouri, Nebraska, Nevada, New Jersey, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Washington, and West Virginia.

Author: Press Release