[ Friday, February 17, 2017 ]


Another Day, Another Monster Fine: This time it's Memorial Healthcare System (Florida), with a $5.5 million fine for not following access controls and allowing terminated employees to continue accessing medical records after being terminated.  They had policies and procedures to terminate access, but dropped the ball with that employee, who kept accessing records for a year (I suspect the former employee was stealing identities, too).  To compound matters, they didn't audit access; if they had, they might've caught the former employee before too many records were accessed.

This is a big fine.  These days, they all are.  Time to get serious.

Jeff [12:46 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template