HIPAA settlement highlights need to protect PHI access when staff leave

Dec 13, 2018 - 02:41 PM
HIPAA-settlement

A settlement agreement with Pagosa Springs (Colo.) Medical Center that the Department of Health and Human Services’ Office for Civil Rights announced this week highlights important, but perhaps sometimes overlooked, privacy and security risk issues associated with access to electronic protected health information. The settlement resolves a complaint alleging that the hospital impermissibly disclosed electronic PHI to a former employee, and to a web-based scheduling calendar vendor without a business associate agreement in place. Pagosa Springs, a critical access hospital, agreed to pay $111,400 and adopt a corrective action plan to settle these potential violations of the Health Insurance Portability and Accountability Act privacy and security rules. “Covered entities that do not have or follow procedures to terminate information access privileges upon employee separation risk a HIPAA enforcement action,” OCR said. “Covered entities must also evaluate relationships with vendors to ensure that business associate agreements are in place with all business associates before disclosing protected health information.”

Related News Articles

Headline
July 17 webinar to review health care cyber threats, security practices
The AHA and the Department of Homeland Security July 17 at 1 p.m. ET will host a webinar discussing current cybersecurity threats to the health care sector.
Headline
July 17 webinar on cyber threats to the health care sector
The AHA and the Department of Homeland Security July 17 at 1 p.m. ET will host a webinar discussing current cybersecurity threats to the health care sector.
Headline
FDA: Certain Medtronic insulin pumps recalled due to cybersecurity risk
Medtronic has recalled certain MiniMed insulin pumps due to cybersecurity risks, and will provide alternative pumps to the estimated 4,000 U.S. patients using…
Headline
AHA comments on Trusted Exchange Framework and Common Agreement
The AHA said it is generally supportive of the overall concept of the agreement and agency’s goal to create a voluntary network-of-networks that would enable…
Headline
AHA comments on HHS rules to promote health information exchange
Commenting today on the Office of the Nati
Headline
HHS issues factsheet on business associate requirements under HIPAA
The Department of Health and Human Services Office for Civil Rights Friday issued a factsheet on HIPAA requirements for business associates under the Health…