Yet more evidence that the federal government’s Department of Health and Human Services (HHS) is cracking down on HIPPA violations, the agency recently levied a hefty $2.14 million dollar fine against St. Joseph Health System for what it describes as an egregious breach of security.
The company reported earlier in the year that action on their part had left protected health information of nearly 32,000 individuals exposed on a server that anyone with internet access could make use of. In fact, the documents were found to be entirely accessible to Google and possibly other search engines and remained so for more than a year.
A deeper investigation revealed that upon acquiring a new server to house the records, the default settings of the server were not changed, and no particular safeguards were put in place to protect the information.
Worse, although St. Joseph had hired outside contractors to perform a risk assessment, it was done in haphazard fashion, and none of their work constituted an enterprise-wide survey of risks.
The size of the fine levied was a direct reflection of this and the number of records left unprotected.
As big as the St. Joseph fine is, it is not the largest fine levied by HHS in recent months. In fact, since the start of 2016, the department has fined a dozen different companies, with the largest fine being in excess of $5 million.
All of this serves to note just how seriously the government takes the proper safeguarding of protected health information. If your company deals with protected information on any level or to any degree, HIPPA compliance is crucial to avoid facing such penalties.
If you’re not sure where you stand, or how secure the protected health information you deal with is, contact us today and a member of our staff will be happy to assist you in order to ensure you are, and remain in full compliance.