The Office for Civil Rights at the HHS slapped the Texas Health and Human Services Commission with a $1.6 million fine for HIPAA violations, according to a Nov. 7 news release.
Specifically, the OCR was penalizing the Department of Aging and Disability Services for its data breach in 2015. The department reorganized into the Texas Health and Human Services Commission in September 2017.
In a report to the OCR, the department indicated that the electronic protected health information of 6,617 individuals was accessible online. Patient data that was exposed included names, addresses, Social Security numbers and treatment information.
The department said during the move of an internal application from a private server to a public server a flaw in the software code allowed unauthorized users access to individuals' information. The OCR investigation found that the department failed to conduct and enterprise-wide risk analysis and implement access and audit controls for its information systems and applications.
"Covered entities need to know who can access protected health information in their custody at all times," said the OCR Director Roger Severino. "No one should have to worry about their private health information being discoverable through a Google search."
More articles on legal and regulatory issues:
Tenet agrees to pay $66M to resolve kickback lawsuit
Ex-CMO sues Wyoming hospital for $38M, says he was forced to resign for reporting substandard care
Judge blocks health insurance requirement for immigrant-visa applicants