In the second largest fine against a covered entity to date, Memorial Healthcare is set to pay 5.5 million dollars for a breach of protected health information. In this case, over 100,000 people were affected, dating back to between 2011 and 2012. Information such as names, dates of birth and Social Security numbers was leaked, as reported by the U.S. Department of Health and Human Services.
Memorial Healthcare operates urgent care, ancillary healthcare facilities, hospitals and nursing homes. Using OHCA, doctors within this network can access information company-wide, giving them easy access to all patients' records.
At this company, charges of selling patient information and filing fraudulent tax returns were discovered. MHS failed to implement the proper safeguards for review under HIPAA regulations. This allowed users to be unsupervised throughout their use of the system.
Here are some important safeguards to implement in order to avoid the HIPAA compliance mistakes MHS made:
- Implement and audit established policies and procedures
- User access controls must be timely, verifiable, and comprehensive
- After a risk analysis has been completed, corrective action must take place
- Ensure with your IT and HR departments that the proper audit controls are in place
Read more about the fine at Medsafe.com: https://www.medsafe.com/blog/hipaa-compliance/5-5-million-breach-settlement-second-largest-fine-to-date