Linked – Failure to terminate access of departing employee leads to HIPAA penalty

posted in: Tech 0 |
Reading Time: 1 minute

This seems like such a silly mistake:

“A critical access hospital in Colorado will pay $114,000 in a settlement with the Office of Civil Rights (OCR) stemming from the failure to terminate a former employee’s access to a hospital containing protected health information (PHI).”

But, of course, it’s not silly when you are being fined for it, or a former employee causes a breach. Still, of all the fires to be put out during a typical IT work day, getting their access turned off may not seem like the most important thing to be done right away.

It is though, and the proper notifications and processes need to be in place to make sure it happens. It’d be a shame to develop and purchase all these tools to secure our systems only to leave them vulnerable because no one is keeping track of when people leave and need to be cut off.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.