Wednesday, October 19, 2016

HIPAA imposes fine on unprotected files for St. Joseph Health

St. Joseph Health, a 14-hospital delivery system serving parts of Texas, California and New Mexico, is the greatest agency to agree to execute a corrective action plan with the HHS Office for Civil Rights following a violation or breach of protected health information. That’s why HIPAA imposes a fine on unsecured files for St. Joseph Health.


Along with the corrective actions, St. Joseph Health will pay a settlement fine of $2,140,500. The agency reported a breach in February 2012 after files created for its EHR meaningful use program were accessible on the Internet for about half of that month.


“The server SJH bought to store the files involved a file sharing application whose default settings permitted anyone with an Internet connection to access them,” according to an OCR statement. “Upon execution of this server and the file sharing application, SJH didn’t analyze or modify it. As an outcome, the public had unrestricted approach to PDF files containing the electronic protected health information of 31,800 people, involving sufferer names, health statuses, diagnoses and demographic data.”


“Entities must not just perform a comprehensive risk analysis, but also must determine and deal with potential security risks when implementing enterprise changes affecting ePHI,” OCR Director Jocelyn Samuels said in a statement.


The agency appreciated the settlement and released the following statement:


“St. Joseph Health is glad that we could come to a settlement on this problem and we thoroughly regret any undue concern to our sufferers. The facts to remember about this case are that information didn’t include Social Security (numbers), addresses or financial information. Furthermore, there is no indication that the data was utilized by unauthorized persons. Since the situation was discovered, we have contributed to a number of initiatives to ensure the continued security of sufferer data, involving $17 million in enhanced data security infrastructure. These steps and more are intended to provide for the safety and security of our sufferers’ information.”


The resolution agreement and corrective action plan are available here.

