OCR levies $2.3M fine over massive breach affecting PHI of 6M people

Tennessee-based management company CHSPSC has agreed to pay $2.3 million to settle potential HIPAA violations following a data breach that occurred in 2014. The breach resulted in the exposure of protected health information of more than 6 million people. CHSPSC will also be subjected to a two-year monitoring period as part of a corrective action plan. Community Health Systems, the owner of CHSPSC, has disputed the allegations made by the HHS Office for Civil Rights and has settled without admission of fault after a six-year investigation.