St. Elizabeth’s Medical Center in Brighton, Massachusetts, a member hospital of the Steward Health Care system, has had to pay $218,400 to the Department of Health and Human Services’ Office for Civil Rights after a security breach left patient information vulnerable. The hospital had been using an unprotected server to store patient data, and a former employee had saved patient data on a personal laptop and a USB drive. These three breaches combined left the data of over 1,700 patients at risk, violating the Health Insurance Portability and Accountability Act (known to you as HIPAA). The hospital will be under continued investigation, including spot audits and random system checks – meaning the costs to this institution will go beyond the 218K they were fined. The hospital will attempt to secure the weak spots in its security, but for some patients the damage has already been done.
When more patients are affected by security lapses, the total fines under HIPAA increase dramatically – with a penalty of up to 50K per piece of PHI breached. After violations at New York-Presbyterian Hospital and Columbia University Medical Center, 6,800 patients had their PHI found to be searchable on Google. A hospital provider had attempted to deactivate a personal profile, and in doing so the patient information that was stored on the server became searchable on the internet. This led to record fines from the Office for Civil Rights (OCR), and the two groups are now paying a combined $4.8 million.
As health care becomes increasingly intertwined with technology, protected health information (PHI) is put more and more at risk – because it becomes easier to share and transmit. PHI is information that can be used to identify an individual, relating to their physical appearance and/or health. When covered entities, like health care providers, do not properly secure PHI, even by accident, they can face heavy fines from the Office for Civil Rights.
In a HIPAA-fied world, simple mistakes can have costly consequences! That is why CaptureProof puts security and privacy first – so providers can focus on practicing medicine. To date, the OCR has levied nearly $26.4 million in fines against covered entities and business associates found to have violated HIPAA privacy, security and breach notification rules.
Don’t add to this figure – sign up for CaptureProof today to ensure your case-based photos, videos and chat are securely transmitted and stored!