Could Former Employees Set You Up For Costly HIPAA Penalties?
Posted by donna@healthlawcenterplc.com in Dec, 2018
The Pagosa Springs Medical Center in Colorado settled an Office of Civil Rights HIPAA breach investigation by agreeing to pay a fine of $111,400. The settlement stemmed from a 2013 complaint that a former employee was able to access the Medical Center’s web-based scheduling calendar, which contained patient protected health information (PHI). Pagosa Springs Medical Center’s failure to terminate former employees’ access to facility information proved to be costly. The investigation revealed that 557 individuals’ PHI was disclosed to a former employee and to the Medical Center’s web-based scheduling calendar vendor, Google. In addition, the investigation discovered that the Medical Center and Google, its vendor, did not have a HIPAA-required business associate agreement in place.
How secure is your patients’ PHI? Does your facility or medical practice have required security safeguards in place? The Health Law Center assists clients with HIPAA compliance and risk management issues. Contact Donna J. Craig, Nurse Attorney, for more information.