HIPAA Settlement for Lack of Implementing Controls

Posted by BAS - 23 March, 2017

header-picture

Memorial Healthcare System (MHS) entered into a settlement of alleged violations of the HIPAA privacy and security rules. The settlement required MHS to pay $5.5 million.

MHS is a nonprofit corporation that operates hospitals, urgent care and other health care facilities in South Florida. HHS investigated MHS after MHS reported that protected health information of more than 115,000 individuals was improperly accessed by employees and potentially disclosed to physician office staff. The information included name, date of birth and Social Security number. The investigation showed that the login credentials of a terminated employee had been used to access the ePHI. While MHS did have policies in place to address end of access upon termination, it was determined that MHS did not actually follow the procedures and did not end access upon termination of employment. The former employee’s login credentials to access the ePHI were used from April 2011 to April 2012.


Recent Posts

Question of the Week - Mid-Year Enrollment for Health Coverage

read more

OCR Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

read more

Find your QELs in MyEnroll360

read more