The HHS OCR has reached a settlement with BayCare Health System following a complaint involving unauthorized access to a patient's medical records by a former staff member. The investigation revealed significant lapses in HIPAA Security Rule compliance, including failures in access authorization policies and risk management. Although the incident did not reach the 500-patient threshold for public reporting, it raised concerns about patient data security. BayCare agreed to pay an $800,000 settlement and to follow a corrective action plan, which OCR will oversee for two years.
OCR found that BayCare failed to implement necessary policies for authorizing access to ePHI, leading to significant vulnerabilities in patient data security.
The investigation revealed that a former non-clinical staff member had used their credentials to access a patient's medical records illicitly.