Washington’s Yakima Valley Memorial Hospital resolves data breach affecting 419 people
Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it has resolved an investigation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) through a settlement with Yakima Valley Memorial Hospital, a nonprofit regional hospital in Yakima, Washington. The OCR investigated allegations that several security guards at Yakima Valley Memorial Hospital illegally accessed the medical records of 419 patients. HIPAA is a federal law that protects the privacy and security of protected health information. The HIPAA Privacy, Security, and Breach Notification Rules apply to most healthcare organizations and establish requirements that HIPAA-regulated organizations must follow to protect the privacy and security of health information. To voluntarily resolve this issue, Yakima Valley Memorial Hospital paid $240,000 and agreed to carry out a plan to renew its policies and procedures to safeguard protected health information and to train personnel to prevent this type of snooping in the future.
“Data breaches caused by unauthorized access to patient records by current and former employees are a recurring problem across the healthcare industry,” said OCR Director Melanie Fontes-Rainer. “Organizations subject to HIPAA must implement robust policies and procedures to ensure that patient health information is protected from identity theft and fraud.”
In May 2018, OCR received a breach notification report stating that 23 security guards working in the emergency department of Yakima Valley Memorial Hospital used their login credentials to access patient medical records stored in Yakima Valley Memorial Hospital’s electronic medical record system without a work-related purpose. Upon receipt of the report, OCR began an investigation of Yakima Valley Memorial Hospital. The information accessed included names, dates of birth, medical record numbers, addresses, specific notes regarding treatment, and insurance information.
As a result of the settlement agreement, Yakima Valley Memorial Hospital will be monitored by OCR for two years to ensure compliance with the HIPAA Security Rule. Yakima Valley Memorial Hospital has agreed to take the following steps to bring the organization into compliance with the HIPAA Rules.
- Conduct an accurate and thorough risk analysis to determine risks and vulnerabilities to electronic protected health information.
- Develop and implement a risk management plan to address and mitigate security risks and vulnerabilities identified in the risk analysis.
- Develop, maintain, and revise written HIPAA policies and procedures as necessary.
- Enhance existing HIPAA and security training programs and provide employee training on the latest HIPAA policies and procedures.
- Review all relationships with vendors and third-party service providers to identify business associates and obtain business associate agreements with them if not already in place.
The resolution agreement and corrective action plan are available at https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/akima-ra-cap/index.html.
OCR works to enforce HIPAA regulations that protect the privacy and security of people’s health information. If you believe that your or someone else’s health information privacy or civil rights have been violated, you may file a complaint with the OCR at https://www.hhs.gov/ocr/complaints/index.html.