[ Tuesday, October 18, 2016 ]
Jeff [12:59 PM]
Another Day, Another big HIPAA settlement
: $2,140,500 paid by St. Joseph Hospital of Irvine, California
. The hospital installed a new server for its "meaningful use" process, but didn't remove the default settings that made the server generally accessible over the internet. They hired consultants and did some risk analysis, but none of it was system-wide; I'm not sure that a system-wide review would've fixed the problem, but if we've learned anything lately, the fact that the error didn't cause damage doesn't mean you don't have to pay for it.
Good, solid, system-wide risk analysis, reaching across your entire enterprise (geographically, lines of service, operationally, administratively, whatever) is mandatory, and (if you get caught, even by an unrelated issue) failure to do so will probably bring a fine.
Blogger: HIPAA Blog - Edit your Template