recode.net – Anyone in the U.S. who has seen a health care provider in the last two decades is familiar with the data privacy requirements of the Health Insurance Portability and Accountability Act, better known as HIPAA. Every patient is asked to read a privacy statement and sign a form to acknowledge understanding that statement.
Health care workers are schooled on the intricacies of the law, so it’s a bit of a surprise that workforce members of St. Elizabeth’s Medical Center (SEMC), a hospital in Brighton, Mass., used an Internet-based file sharing service to store documents that contained electronic health records of 498 individuals without first assessing the risks associated with the use of the service. As a result of the HIPAA violation, SEMC agreed to pay $218,400 to the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR), and SEMC must comply with the terms of a Corrective Action Plan (CAP).