HIPAA Blog

[ Friday, June 13, 2008 ]

 

An Object Lesson in Managing Employee Termination: A federal jury in San Diego has sentenced a computer engineer to 5 years in jail, and ordered him to pay $400,000 in restitution, for hacking into his ex-employer's computer system and deleting records. The records were computerized medical records of patients involved in federal drug studies. The guy was really stupid, should be punished, and got what he deserved. But this is also a good lesson to everyone in the HIPAA universe: make sure you deal with terminated employees in a way that seals them out of your records. Make sure you can trace who is getting into your records, and when (keep a close eye on your audit logs). An employee who knows he's on the way out may set up some back doors for himself after he leaves.

This is reminiscent of a case a while back involving Medco. That guy went to jail, too.

Jeff [11:21 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template