How important is it to regularly review IT systems to assess and address the risks to ePHI?
The Anchorage Community Mental Health Services (ACMHS) is in the process of settling a large fine with the Office of Civil Rights (OCR) for violations of HIPAA’s Security Rule. They recently reported a breach of unsecured ePHI affecting 2,743 individuals. The breach occurred due to oversight in following the HIPAA Security Rule policies and procedures.
The security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software.
As per OCR Director Jocelyn Samuels, “Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis. This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”
Read the full report: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/index.html