The Department of Health and Human Services is lowering its top fines for less egregious HIPAA violations. Meanwhile, it’s pledging to make a “big push” to enforce patients’ right to access their health records. HHS will keep its revised interpretation of the HITECH Act penalty caps in mind “for all enforcement operations,” says Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA.

David Bailey, vice president of consulting services at Clearwater, a firm focused on cybersecurity in healthcare, told Fierce in an interview that the incident highlighted challenges in healthcare beyond fending off digital threats, as organizations grappled with a key service taken offline.