Colorado Hospital Pays $111,400 HIPAA Settlement For Failing To Stop Former Employee From Having Access To Patient Protected Health Information

Tucker Arensberg, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

The U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) just announced an $111,400 settlement and substantial corrective action plan for a Colorado hospital whose former employee still had access to electronic patient protected health information (“PHI”).

In 2013, Pagosa Springs Medical Center failed to de-activate a former employee’s username and password for a web-based scheduling calendar, which included patients’ electronic PHI.  Further, the hospital failed to have a business associate agreement in place with the web-based scheduling calendar vendor, as required by HIPAA.

In the Corrective Action Plan, the hospital will update its security management and business associate agreements (and associated policies and procedures) and provide additional training to its workforce about those matters.

You can read the HHS Press Release and the Resolution Agreement here: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/pagosasprings/index.html

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Tucker Arensberg, P.C. | Attorney Advertising

Written by:

Tucker Arensberg, P.C.
Tucker Arensberg, P.C.
Contact
more
less

Tucker Arensberg, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide