HIPAA Security Violation
Security risk analysis continues to grow in importance as it relates to safeguarding PHI (protected health information). Despite performing risk analyses, Idaho State University’s medical clinic incurred a breach resulting from the disabling of firewall protections on servers maintained by the university. This resulted in a breach of electronic PHI for 17,500 patients; the breach led to a fine of $400,000. During its investigation, the HHS Office of Civil Rights determined that the risk analyses and assessments of the clinics were incomplete and that they inadequately identified potential risks or the likelihood of these risks occurring.
Risk analysis is not a one-time task. Practices need to continue to assess their security measures and to develop and revise policies to mitigate costly breaches.
For more information on this particular case, visit: http://www.medicalpracticeinsider.com/news/compliance/disabled-firewall-leads-400000-hipaa-fine
Also, watch for our upcoming Alert newsletter with an article on security risk analysis.