St. Joseph Health will pay $2,140,500 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules.
At issue, according to the Office for Civil Rights, which oversees HIPAA rules, were files containing electronic protected health information that were publicly accessible through internet search engines from 2011 until 2012.
SJH, a nonprofit integrated Catholic healthcare delivery system sponsored by the St. Joseph Health Ministry, will also adopt a comprehensive corrective action plan as part of the settlement.
The health system operates 14 acute care hospitals, home health agencies, hospice care, outpatient services, skilled nursing facilities, community clinics and physician organizations throughout California and in parts of Texas and New Mexico.
On Feb. 14, 2012, SJH reported to OCR that certain files it created for its participation in the meaningful use program, which contained electronic PHI, were publicly accessible on the Internet from Feb. 1, 2011, until Feb. 13, 2012, via Google and also perhaps through other search engines.
Author: Bernie Monegain