News Briefs: December 17, 2018

◆ Pagosa Springs Medical Center (PSMC), a critical access hospital in Colorado, has agreed to pay $111,400 to settle potential HIPAA privacy and security violations, the HHS Office for Civil Rights (OCR) said Dec. 11. OCR said the settlement resolves a complaint alleging that a former employee had remote access to PSMC’s web-based scheduling calendar after leaving the job. The calendar contained patients’ electronic protected health information, OCR said. “OCR’s investigation revealed that PSMC impermissibly disclosed the ePHI of 557 individuals to its former employee and to the web-based scheduling calendar vendor without a HIPAA required business associate agreement in place,” OCR said. When OCR conducted its investigation, PSMC provided more than 17,000 hospital and clinic visits every year and employs more than 175 individuals, OCR said. In a two-year corrective action plan that’s part of the settlement, PSMC agreed to update its security management and business associate agreement and policies and procedures, and train members of its workforce. View the resolution agreement at http://bit.ly/2rCmcEQ.

This document is only available to subscribers. Please log in or purchase access.


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field