Federal regulators have imposed a $202,400 fine on the City Health Department in New Haven, Connecticut, for potentially violating the Health Insurance Portability and Accountability Act (HIPAA). In a statement, the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) said the city of New Haven has agreed to pay the penalty and execute corrective measures to settle the lawsuit related to the 2016 data breach.
According to OCR, the city’s health department failed to terminate the access credentials of an ex-employee. It found that the former employee continued to access citizens’ health records and shared her credentials with an intern. In 2016, the New Haven Health Department filed a breach report declaring that a former employee had illegally downloaded a file containing the protected health information of over 498 individuals onto a USB drive. The exposed information included test results for sexually transmitted diseases along with patients’ names, dates of birth, gender, addresses, and origin.
“Medical providers need to know who in their organization can access patient data at all times. When someone’s employment ends, so must their access to patient records,” said OCR Director Roger Severino.
Biggest HIPAA Fine
In one of the biggest HIPAA fines imposed by OCR in 2019, Jackson Health Systems, Florida, was charged $2.15 million on account of multiple HIPAA violations. With the intent of committing identity theft, an employee of Jackson Health Systems leaked and sold around 2,000 patient PHI records.