For the first time, the office of civil rights (“OCR”) penalized a covered entity for failure to implement audit procedures to review, modify, and/or terminate users’ right of access. More than 100,000 individuals had their electronic protected Heath Information (“EPHI”) records impermissibly disclosed. The settlement agreement with memorial healthcare system (“MHS”) to settle potential violations of HIPAA included a robust corrective action plan and the second largest HIPAA fine levied against a covered entity to date: $5.5 million.
MHS operates the fourth largest public healthcare system in the united states. In addition to its own services, it participates in an organized health care arrangement (“OHCA”), affiliating itself with a network of physician offices.
At the root of this breach was MHS’s failure to follow its own policies and deactivate the login credentials of a former employee from an affiliated physician’s office. 
Telegenisys has instituted physical, technical and administrative safeguards to ensure that client data is safe from unauthorized access. This includes all forms of medical records and electronic private health information. Know more