Newest HIPAA Settlement Underscores Consequences of Failing to Identify and Address Basic Risks to Protected Health Information (PHI)
Protecting your patients’ personal health information continues to take precedence for those in the medical field. The U.S. Department of Health and Human Services Office of Civil Rights (OCR) has posted a bulletin regarding an enforcement action that resulted in a $150,000 fine and a 2-year Corrective Action Plan. The action stemmed from an organization that was not performing basic security functions: it did not have up-to-date security policies implemented and followed, and it used software that had not been updated and was unsupported, which allowed for security vulnerabilities.
This newest HIPAA settlement illustrates three points:
1) Relatively simple, basic processes and procedures can be implemented and followed to be HIPAA compliant,
2) Large fines can result from deficiencies in a facility’s HIPAA compliance program, and
3) Enforcement is not merely about breaches, but rather the wider range of ongoing security and privacy compliance.