11 May 2014 - 9:52am | posted by | 0 comments

US health care firms pay $4.8m in damages after 6,800 patient records leaked to web

US health care firms pay $4.8m in damages after 6,800 patient records leaked to web US health care firms pay $4.8m in damages after 6,800 patient records

Two US health care outlets - Columbia University and the New York and Presbyterian Hospital (NYP) - have paid a whopping $4.8m to settle charges after they inadvertently leaked the records of 6,800 patients on the web.

This week the judgment was passed – four years after the incident - that they violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information held on their network.

On the US department of Health and Human Services website it stated that the investigation revealed the data breach happened when a physician employed by Columbia University tried to deactivate a personally-owned computer server on the network which contained NYP and the network of patient data.

Due to a lack of technical safeguards this action resulted in the data being made accessible on internet search engines.

The health care organisations were apprised of the breach after receiving a complaint from an individual who found details of their deceased partner – a former patient of NYP – on the internet.

The Office for Civil Rights (OCR) investigation discovered that neither outlet had taken measures to ensure the server had the appropriate software protections prior to the breach.

“When entities participate in joint compliance arrangements, they share the burden of addressing the risks to protected health information,” said Christina Heide, acting deputy director of Health Information Privacy for OCR.

“Our cases against NYP and CU should remind health care organizations of the need to make data security central to how they manage their information systems.”

In addition to the fine, both health care outlets will have to agree to a “substantive corrective action plan”, which includes undertaking a risk analysis, developing a risk management plan, revising policies and procedures, training staff, and providing progress reports.

Be the first to comment on this article: sign in or register.

Latest Projects from the Profile Hub

Invitations With Gravitas

29/01/2015
Denmore Press - Prestigious Invites & Bespoke Envelopes...

The Dogs Trust relaunch with a responsive website!

29/01/2015
The challenge Dogs Trust, the largest dog welfare charity...

Responsive Website for B2B publisher Incisive Media

28/01/2015
How do you bring a major B2B publishing firm’s website into...

The Launch of the New Generation Hyundai i20

28/01/2015
The start of 2015 marked the launch of the New Generation...

Generating Coverage is Plain Sailing for Cruise Nation

27/01/2015
The Rooster team has continued to generate high levels of...