Dive Brief:
- Two New York hospitals, New York Presbyterian Hospital and Columbia University Medical Center, have collectively agreed to hand over $4.8 million dollars to settle HIPAA fines after the electronic protected health information of 6,800 patients wound up on Google.
- The HHS division responsible for HIPAA enforcement, the Office for Civil Rights, discovered that the Columbia University physician exposed the ePHI when he attempted to deactivate a personally-owned server on the network containing the records. Because of inadequate technical safeguards, his actions resulted in patient data being accessible on the Internet.
Dive Insight:
This was a particularly widespread breach. Patients involved learned of it after receiving a complaint from an individual who saw the data of his deceased partner, a former NYP patient, online, according to Healthcare IT News. OCR is making an example of the two. "The message here is get your house in order," one OCR official told Healthcare IT News. "The gloves are off."