Violation of HIPAA Rules at MUSC
A recent report revealed that the Medical University of South Carolina suspended 13 employees last year due to HIPAA violations. These employees intentionally snooped into the private data of patients, a clear violation of policy. Employee actions such as snooping are hard to prevent. However, when an organization clearly enforces policy and takes a heavy-handed approach to security violations, it demonstrates “due care”, a requirement under most regulations.
Looking at other violations, the Department of Health and Human Services claimed that in 2017 there were 58 total data breach cases in the hospital, and that over the past 5 years 307 data breach cases occurred. The number of breaches, not surprisingly, led to the firing of 30 members of the non-physician staff, but because MUSC acted swiftly, the authorities ignored most of these infractions.
This information may lead you to believe that MUSC was fined millions of dollars for the exposed patient information. However, we were unable to locate any information that indicates they incurred any fines. Cases such as this happen regularly: organizations can avoid fines if they act quickly in the face of a breach and demonstrate due care. Fines occur when healthcare organizations do not take patient privacy seriously, but clearly MUSC does.
Enforcement of HIPAA Law
As already seen, not all organizations are fined after a breach. Organizations like MUSC that take action as soon as possible and report the breach are doing what is right by their patients, and the Office of Civil Rights and the HHS recognize the effort. The lesson for companies here is that breaches are going to happen, but how you handle them determines your fate.
Co-founder + Ethical Hacker
Micheal has over 13 years of combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry, and his passion for the cyber world is unparalleled, with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.