HHS just handed out $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital and Columbia University. 6,800 ePHI records were breached by poor server deactivation procedures exposing those patient records to internet search engines. The organizations learned of the breach when a deceased patient’s partner found the former patient’s ePHI on the internet. Poor risk management and a failure by the organizations to implement their own policies and procedures contributed to the huge fine.
Read the whole story here http://tinyurl.com/mtpd8hg.