On the heels of the penalty levied against Triple-S, HHS has settled another case involving alleged violation of the data security requirements of HIPAA.  This time, the University of Washington Medicine was the health provider to bend the knee, agreeing to pay HHS $750,000 and institute a corrective action plan.  The electronic protected health information of 90,000 individuals was allegedly compromised when a UW Medicine employee downloaded an email attachment containing malware that infiltrated the university’s IT system.