St. Joseph Health to pay $2M HIPAA settlement

Irvine, Calif.-based St. Joseph Health has agreed to pay a $2.14 million fine to settle claims that the health system violated HIPAA, according to

Officials claim St. Joseph Health did not change the default settings on its new server, which allowed members of the public to access 31,800 patients' personal health information.

In February 2012, HHS' Office of Civil Rights launched an investigation into St. Joseph Health after the system reported files containing its patients' information were accessible online in 2011 due to the server malfunction.

"The server SJH purchased to store the files included a file sharing application whose default settings allowed anyone with internet connection to access them," reads a statement from HHS' Office of Civil Rights. "Upon implementation of this server and the file sharing application, SJH did not examine or modify it. As a result, the public had unrestricted access to PDF files containing the [electronic protected health information] of 31,800 individuals, including patient names, health statuses, diagnoses and demographic information."

Along with the fine, St. Joseph Health agreed to implement a corrective action plan to help prevent similar situations from occurring again.

More articles on health IT:
HealthTap launches new search tool
Venture capital funding for health IT totals $1.25B in Q3 2016 — 8 top-funded areas
Sutter Health, Validic collaborate on pilot program to better deliver patient-generated data to care teams

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Whitepapers

Featured Webinars