HIPAA settlement highlights need to protect PHI access when staff leave

Dec 13, 2018 - 02:41 PM
HIPAA-settlement

A settlement agreement with Pagosa Springs (Colo.) Medical Center that the Department of Health and Human Services’ Office for Civil Rights announced this week highlights important, but perhaps sometimes overlooked, privacy and security risk issues associated with access to electronic protected health information. The settlement resolves a complaint alleging that the hospital impermissibly disclosed electronic PHI to a former employee, and to a web-based scheduling calendar vendor without a business associate agreement in place. Pagosa Springs, a critical access hospital, agreed to pay $111,400 and adopt a corrective action plan to settle these potential violations of the Health Insurance Portability and Accountability Act privacy and security rules. “Covered entities that do not have or follow procedures to terminate information access privileges upon employee separation risk a HIPAA enforcement action,” OCR said. “Covered entities must also evaluate relationships with vendors to ensure that business associate agreements are in place with all business associates before disclosing protected health information.”

Related News Articles

Headline
Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations
Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code…
Headline
CISA announces initiative to bolster critical infrastructure against nation-state cyberattacks
The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive…
Headline
Webinar to explore AI use in cybersecurity, health care technology 
John Riggi, AHA national advisor for cybersecurity and risk, will moderate a webinar May 5 at 1 p.m. ET that will explore how bad actors are leveraging…
Headline
AHA, Joint Commission announce cybersecurity readiness effort 
The AHA and Joint Commission May 4 announced the launch of the Cyber Resilience Readiness program, an initiative to help hospitals and health systems assess…
Headline
Agencies issue guidance on adopting agentic AI systems
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international partners have released guidance on adopting agentic artificial…
Headline
Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity
A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…