"The [Adult & Pediatric Dermatology (APDerm)] Settlement marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.... The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of [electronic protected health information] as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members."  MORE >>