Are You Sharing Your ePHI Over Encrypted Networks and Applications?

security-lowBecause there is yet another major data breach from a practice which was not…

It is troubling  to still find so many healthcare organizations not adequately securing their ePHI. The case in point this time is St. Elizabeth’s Medical Center (SEMC) in Brighton, MA.

On July 08 2015, SEMC agreed to pay $214,800 in penalties to HHS/OCR for non-compliance with HIPAA’s security regulations and agreed to a corrective action plan to cure gaps in the organization’s HIPAA compliance program.

So, how was SEMC found non-compliant?

1) The complaint alleged that workforce members used an internet-based document sharing application to store documents containing electronic protected health information (ePHI) of at least 498 individuals, without having analyzed the risks associated with such activity.

2) OCR’s investigation determined that SEMC failed to timely identify and respond to the known security incident, mitigate the harmful effects of the security incident, and document the security incident and its outcome.

3) On August 25, 2014, SEMC submitted


to HHS OCR regarding a breach of unsecured ePHI stored on a former SEMC workforce member’s personal laptop and USB flash drive, affecting 595 individuals.

Conducting a Security Risk Analysis and mitigating the gaps found once a year, along with staff training on HIPAA security awareness, are among the most effective ways to safeguard against incidents, such as the above, and avoid penalties for non-compliance.

More info can be found at:

Learn about EHR 2.0’s HIPAA Security Risk Analysis Services:

Learn about EHR 2.0’s HIPAA/HITECH Security Awareness Training:

Call with any questions on how EHR 2.0 can help secure your ePHI: 866 276 8307


Share this in :
The following two tabs change content below.
Our mission is to assist healthcare organizations and business associates in the development, design, and implementation of practices to secure IT systems and comply with HIPAA/HITECH privacy, security, breach and enforcement rules by protecting patient health information.

Latest posts by EHR 2.0 (see all)