Employer Penalties for Employee Termination

Posted by BAS - 17 December, 2020

header-picture

The City of New Haven Health Department entered into a HIPAA corrective action plan with the Department of Health and Human Services for failing to properly terminate a former employee’s access to protected health information. The City of New Haven, Connecticut Health department operates a public health clinic providing preventive medical services.

In 2017, the City filed a breach report with OCR indicating that a former employee may have accessed a file containing PHI of 498 individuals. An investigation showed that a former employee returned to the City 8 days after being fired, logged into her old computer with her still-active user name and password, and downloaded PHI onto a USB drive. The investigation also uncovered that the former employee shared her user ID and password with an intern who continued to use the credentials to access PHI after the employee was terminated.

The City agreed to pay $202,400 and implement a corrective action plan. A copy of the resolution agreement and corrective action plan may be accessed by clicking here.

Topics: MyEnroll360 Security, HR & Benefit Plans, HR & Benefits News, Technology News


Recent Posts

Question of the Week - Mid-Year Enrollment for Health Coverage

read more

OCR Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

read more

Find your QELs in MyEnroll360

read more