In November 2019, the Department of Health and Human Services Office for Civil Rights (OCR) levied a penalty of $3 million against the University of Rochester Medical Center (URMC), New York, for violating HIPAA rules in 2013 and 2017.
In 2013, the medical center system misplaced an unencrypted flash drive that contained patients' protected health information (PHI). In 2017, a surgeon's unencrypted personal laptop containing patients' PHI was stolen. Although URMC reported the breach to the authorities in both instances, it failed to follow the security practices recommended by the OCR. The OCR also found that URMC did not encrypt PHI stored on devices.
"Because theft and loss are constant threats, failing to encrypt mobile devices needlessly puts patient health information at risk," said Roger Severino, OCR director. "When covered entities are warned of their deficiencies, but fail to fix the problem, they will be held fully responsible for their neglect."
"Protecting patient privacy is a top priority at Jackson Health System, and we're disappointed whenever we fall short of our high expectations," a spokesperson for the health system said. "Jackson recognized and reported this because strong organizations like ours admit their errors clearly, learn from them thoughtfully, and take decisive action to prevent them in the future."
Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat both internal and external security attacks.
HIPAA mandates the standards companies need to follow to protect and maintain the confidentiality of personally identifiable health care information. ManageEngine Log360, a comprehensive log management solution, helps IT security admins meet HIPAA requirements by monitoring and auditing access to critical data. This solution identifies and tracks suspicious insider activity as well.
Log360 provides out-of-the-box reports with exhaustive information on data access, user activity, user logon and logoff activity, and more. With these reports, you can draw meaningful insights on accesses, modifications, and permissions of critical files to help mitigate insider threats. This solution also generates real-time email or SMS alerts that help instantly mitigate any compliance violations.
Using Log360, you can:
Download a free trial version of Log360 to test these features out yourself.
© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.