HIPAA settlement highlights need to protect PHI access when staff leave

Dec 13, 2018 - 02:41 PM
HIPAA settlement highlights need to protect PHI access when staff leave

A settlement agreement with Pagosa Springs (Colo.) Medical Center that the Department of Health and Human Services’ Office for Civil Rights announced this week highlights important, but perhaps sometimes overlooked, privacy and security risk issues associated with access to electronic protected health information. The settlement resolves a complaint alleging that the hospital impermissibly disclosed electronic PHI to a former employee, and to a web-based scheduling calendar vendor without a business associate agreement in place. Pagosa Springs, a critical access hospital, agreed to pay $111,400 and adopt a corrective action plan to settle these potential violations of the Health Insurance Portability and Accountability Act privacy and security rules. “Covered entities that do not have or follow procedures to terminate information access privileges upon employee separation risk a HIPAA enforcement action,” OCR said. “Covered entities must also evaluate relationships with vendors to ensure that business associate agreements are in place with all business associates before disclosing protected health information.”

Related News Articles

Headline
Center releases resources to protect against foreign intelligence threats
The National Counterintelligence and Security Center this week released resources to help the private sector protect American innovation and computer networks…
Headline
HHS task group releases health care cybersecurity guidelines
A Department of Health and Human Services task group recently released cybersecurity guidelines for the health care field, as mandated by the Cybersecurity Act…
Headline
HHS proposes to rescind two administrative simplification standards
The Department of Health and Human Services today issued a proposed rule that would rescind the standard unique health plan identifier (HPID) and other entity…
Headline
HHS seeks input on how to improve HIPAA rules
The Department of Health and Human Services’ Office for Civil Rights will accept comments through Feb. 11 on potential changes to the Health Insurance…
Headline
Committee highlights priorities to address cybersecurity challenges
Republicans on the House Energy and Commerce Committee Friday released a report summarizing initial efforts by its Oversight and Investigations Subcommittee to…
Headline
AHA comments on proposals to improve HIPAA standards process
AHA today commented on the National Committee on Vital and Health Statistics’ draft predictability roadmap, which proposes how the Department of Health and…