A Miami-area hospital was tagged with a $5.5 million fine recently for HIPAA violations. Among the multitude of violations that were cited was one we’ve seen in some of the HIPAA security risk assessments we’ve performed: poor access management, including not disabling access for terminated or former employees. Not disabling those accounts can cost you.
When an employee leaves (voluntarily or otherwise), the first step – especially in a regulated environment like a health clinic – is immediately revoking, disabling and removing that employee’s access to all systems, applications, and platforms in the company’s control. That’s why we generally put a high priority on all user termination tickets at HIPAA-regulated environments.
While we take care of it as best we can, sadly, it isn’t happening everywhere the way it should. Research found that nearly 90% of employees still have access to one application or to proprietary and confidential corporate data after leaving a company.
In this particular case, those employees were up to no good: they were stealing patients’ identities and filing false tax returns. If those employees’ access had been turned off, the damage would have been far less severe.
Weston Technology Solutions performs HIPAA security risk assessments in Anchorage and Bend. Remember that HIPAA assessments are not optional. Email our team or call us today to find out more details.