Security Guards Snooping and $240K

Yakima Valley Memorial Hospital (YV) in Washington settled with the Office of Civil Rights (OCR) after OCR's investigation alleged that several YV security guards impermissibly accessed 419 individuals' medical records. Interestingly, the settlement only details that YV potentially violated the requirement to "...implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of the Security Rule..."

The settlement includes a two-year corrective action plan (CAP) that includes YV agreeing to:

• conduct a risk analyis

• develop and implement a risk management plan

• develop and promulgate policies and procedures to its workforce

• conduct training

• review business associate contracts, and

• provide an annual report to OCR

We cannot help but wonder what else wasn't good with YV, to include so many CAP requirements, if all that was missing or non-compliant was policies and procedures. Regardless, we empathize with the remainder of the YV staff that was trying to be compliant and with the patients affected. Click the link to read the HHS announcement.

Stay (HIPAA) safe, Alan -