The HHS Office for Civil Rights has settled a HIPAA investigation with iHealth Solutions for $75,000. iHealth Solutions, a business associate, experienced a data breach affecting 267 individuals when a network server containing protected health information was left unsecured on the internet. The investigation found evidence of potential failures by iHealth Solutions to analyze risks and vulnerabilities to electronic protected health information. As part of the settlement, iHealth Solutions will implement a corrective action plan and be monitored by OCR for two years to ensure compliance with the HIPAA Security Rule. Steps include conducting a thorough analysis of the organization, developing a risk management plan, evaluating changes affecting security, and maintaining written HIPAA policies and procedures.