logo
Questions? +1 (202) 335-3939 Login
Set Up FREE Account Submit Release
Trusted News Since 1995
A service for business professionals · Tuesday, April 16, 2024 · 704,181,288 Articles · 3+ Million Readers
Got News to Share? Send 2 FREE Releases
News Search | All News Topics > Employment News Topics: By Country | By State ; Press Releases by Industry Channel > All Employment Press Releases

Colorado hospital failed to terminate former employee’s access to electronic protected health information

Pagosa Springs Medical Center (PSMC) has agreed to pay $111,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a substantial corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.  PSMC is a critical access hospital that at the time of OCR’s investigation, provided more than 17,000 hospital and clinic visits annually and employs more than 175 individuals.

The settlement resolves a complaint alleging that a former PSMC employee continued to have remote access to PSMC’s web-based scheduling calendar, which contained patients’ electronic protected health information (ePHI), after separation of employment. OCR’s investigation revealed that PSMC impermissibly disclosed the ePHI of 557 individuals to its former employeeand to the web-based scheduling calendar vendor without a HIPAA required business associate agreement in place. 

Under the two-year corrective action plan, PSMC has agreed to update its security management and business associate agreement policies and procedures and  train its workforce members regarding the same.

“It’s common sense that former employees should immediately lose access to protected patient information upon their separation from employment,” said OCR Director Roger Severino.  “This case underscores the need for covered entities to always be aware of who has access to their ePHI and who doesn’t.”

Covered entities that do not have or follow procedures to terminate information access privileges upon employee separation risk a HIPAA enforcement action. Covered entities must also evaluate relationships with vendors to ensure that business associate agreements are in place with all business associates before disclosing protected health information.  The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/pagosasprings.

Powered by EIN Presswire
Distribution channels: Healthcare & Pharmaceuticals Industry


EIN Presswire does not exercise editorial control over third-party content provided, uploaded, published, or distributed by users of EIN Presswire. We are a distributor, not a publisher, of 3rd party content. Such content may contain the views, opinions, statements, offers, and other material of the respective users, suppliers, participants, or authors.

Submit your press release

International Employment Today by EIN Newsdesk & EIN Presswire (a press release distribution service)

Follow us on Facebook & Twitter and connect with us on LinkedIn

Newsmatics Inc., 1025 Connecticut Avenue NW, Suite 1000, Washington, DC 20036 · Contact · About

© 1995-2024 Newsmatics Inc., a publisher of EIN News · All Rights Reserved · Privacy Policy · User Agreement