St. Elizabeth’s Medical Center (SEMC) in Massachusetts will pay over $200K as a penalty for HIPAA violations and has agreed to adopt a corrective action plan avoiding future issues.
Two violations were cited in the case one was as a result of a complaint alleging that internet sharing applications were used to story sensitive documents. The second complaint was due to a breach on an unencrypted personal laptop belonging to a hospital employee.
According to National Law Review “in the settlement SEMC did not admit to any violations. In its announcement of the settlement, the Office of Civil Rights emphasized that organizations must pay particular attention to HIPAA’s requirements when using internet-based document sharing applications. In addition, this settlement is one of many examples of a breach caused by unencrypted mobile devices.”
Increased scrutiny continues as HIPAA compliance remains in the cross-hairs of regulators. Findings such as these with substantially higher penalties are common and frequent. Making time to work with knowledgeable counsel to review compliance is worth the effort.
Recent Comments