Slow Learners Teach Big Lessons – $2 Million State HIPAA Penalty

Editor’s Note: We’d like to welcome Mike Semel as the latest addition to the Healthcare Scene blog team. We’ve been working with Mike for quite a while as a guest blogger, so it’s great to have Mike now covering security and privacy with us in a more formal capacity. Check out all of Mike Semel’s EMR and HIPAA blog posts.

I think it is fair to call people slow learners if they get caught violating HIPAA: after they published 50,000 patient records to the Internet for a 2-year period, so patients Googling themselves found their medical records, and THEN DID IT AGAIN DURING THE INVESTIGATION for the first incident. Duh.

On November 22, California Attorney General Xavier Becerra announced a $2 million settlement with Cottage Health System and its affiliated hospitals for violating both state and federal privacy laws. The settlement came after two separate data breaches where more than 50,000 patient records were made publicly available online.

The state settlement is on top of a $4.125 million class-action settlement with its patients, which Cottage Health’s insurance company is trying to recover, because it said Cottage Health was not truthful on its insurance application.

It’s bad enough that from 2011 until 2013 (after it was notified by a patient that he found his medical records online), Cottage Health had a server with protected health information that was not encrypted, password protected, protected by firewalls, or protected agains...
Source: EMR and HIPAA - Category: Information Technology Authors: Tags: Healthcare HealthCare IT HIPAA General HIPAA Training Cottage Health Cottage Health Breach HIPAA Compliance Mike Semel Semel Consulting Source Type: blogs