In this June installation of HIPAA Center by Paubox, we kick off the first day of summer at beautiful Baker Beach in San Francisco with a special guest. But news of HIPAA violations is one summer bummer…
Without further ado, here are the top 5 HIPAA moments from the month of June.
Here’s what we know about HIPAA under Trump’s Administration so far. During his first 100 days in office, Trump has implemented five HIPAA enforcement actions – totaling $11,631,000 in HIPAA violation fees. Trump also released a proposed fiscal 2018 budget that has huge budget cuts to the Office of National Coordinator for Health IT (ONC) and the Office for Civil Rights (OCR), making it harder for the OCR to enforce HIPAA violations with limited resources. Learn more about what this means for HIPAA.
In 2015, a child welfare agency named Hillsides issued a press release stating it became aware of a HIPAA violation caused by one of its employees. This employee in particular had been using their work email to send protected health information to their personal email address. To make matters worse, Hillsides was unable to recover the data from the employee’s personal email account. Paubox Suite Premium includes Email DLP features, which can prevent HIPAA violations by scanning outbound email to detect the presence of protected health information and other indicators. See why the employee sent PHI to their personal email account.
St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) settled alleged HIPAA violations from a PHI data breach by paying $387,000 in an OCR HIPAA settlement.
OCR received a complaint in September 2014 that there had been a PHI data breach when St. Luke’s faxed an individual’s information to his employer.
On June 11, after a speech at Mirristown Medical Center in New Jersey, Governor Chris Christie told reporters that he's in talks with lawyers from the Department of Justice and HHS Secretary Dr. Tom Price about possible changes to HIPAA. Gov. Christie believes loosening HIPAA would help individuals with substance use disorders seek treatment. Time will tell if this proposed change ends up happening.
Read opinions from both sides here.
A former Beacon Health System employee has been discovered to have accessed the medical records of approximately 1,200 patients without authorization over a period of three years. The privacy breach was uncovered during a routine audit of ePHI access logs, with the unauthorized access discovered on March 30, 2017. The employee in question was permitted to access patient records to perform work duties, although access rights were abused and the records of other patients were viewed even though there was no legitimate work reason for doing so. An audit by Beacon Health discovered the unwarranted access of patient information, which occurred from March 2014 to March 2017. Learn more about this scandal here. That's all folks! These were the top 5 HIPAA moments in June, brought to you by Paubox. Tune in next month for our next installation of HIPAA Center! And don’t forget, Paubox is the easiest way to send and receive HIPAA compliant email. Paubox was built in Hawaii and now we’re scaling in SF. See you on the beach! Aloha!