St. Joseph Health to pay $2M HIPAA settlement

Irvine, Calif.-based St. Joseph Health has agreed to pay a $2.14 million fine to settle claims that the health system violated HIPAA, according to

Officials claim St. Joseph Health did not change the default settings on its new server, which allowed members of the public to access 31,800 patients' personal health information.

In February 2012, HHS' Office of Civil Rights launched an investigation into St. Joseph Health after the system reported files containing its patients' information were accessible online in 2011 due to the server malfunction.

"The server SJH purchased to store the files included a file sharing application whose default settings allowed anyone with internet connection to access them," reads a statement from HHS' Office of Civil Rights. "Upon implementation of this server and the file sharing application, SJH did not examine or modify it. As a result, the public had unrestricted access to PDF files containing the [electronic protected health information] of 31,800 individuals, including patient names, health statuses, diagnoses and demographic information."

Along with the fine, St. Joseph Health agreed to implement a corrective action plan to help prevent similar situations from occurring again.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars