[ Wednesday, April 30, 2014 ]
Boston Medical Center
Jeff [6:42 PM]
The hospital fired its transcription vendor because it found that the vendor made PHI available on its physician-access website without password protection. Obviously the physicians need to be able to access the transcriptions to review and sign off, but appropriate protections must be in place. Firing the vendor probably gives the covered entity hospital a possible defense against an OCR fine (assuming it didn't know, and shouldn't have known, about the problem earlier).