HIPAA: HHS fines $475,000 for not notifying of breach!

Well, we knew it was coming. Identity theft has been an issue for years, but in the last few years it's been such a problem that even the Federal Register inserted verbiage saying that if anyone knew of a way to protect personal information other than encryption, to give them a call. HHS just fined a surgical center $474,000 because physical scheduling papers with patient personal information were on the wall in a surgical unit and were taken. The surgical unit didn't follow the very stringent and costly protocols, which specifically require that all of the affected patients be notified of the breach within 60 days, including what specific information was taken. You then have to notify the public, post, radio, TV and the D.A. of the breach and what details were breached.

Offices, nursing stations, literally any area with computers or information of any kind regarding residents has to be monitored closely. This is really the challenge. As for putting hardware on incoming and outgoing information: in today's world, for a few hundred dollars a month, depending on how large your facility may be, you can have a box with a team on the other end who can literally keep the bad guys out and even give you a physical list of the IP addresses of those who tried to bust your door down but couldn't. It's the physical monitoring that's the more difficult challenge. The consequences of not being in compliance and not putting systems in place for the privacy and security of residents' personal information could be devastating.


“Experts at Cyber Hacking prevention and Network Support”
Oasis Technology, Inc.
Tel. (805) 445-4833


2017-04-24T16:28:29+00:00 | February 8th, 2017 | ePHI Breach, SNF/OBRA Regulatory Updates

About the Author:

Lesley Powell is a 5 Star LNHA, NHAP & NAB/NCERS Approved CEU Provider who has been assisting AITs to pass the CA State and NAB Exams across the U.S. for over 9 years.