HIPAA Horror Stories

Google Calendar Breach

When a hospital worker accessed patient information post-employment, HIPAA regulators hit the former employer with a $111,400 fine.

Administrators at Pagosa Springs Medical Center (PSMC), located in Southwest Colorado, thought their relationship with the employee was finished when the desk was cleared and the badge was returned.

Username and Password Management

Little did PSMC know that access to electronic protected health information (ePHI), in the form of a Google Calendar account, continued after the employee walked out the door.

The hospital had failed to deactivate the former employee’s Google Calendar username and password. The former employee continued to access the web-based calendar over the course of several months, leading to the impermissible disclosure of 557 patient records.

Google Calendar Access

Google Calendar was used by PSMC to schedule patient appointments.

During its investigation, the Office for Civil Rights also discovered the hospital had failed to obtain a signed Business Associate Agreement with Google.

A Business Associate Agreement is an important legal contract required of all non-clinical service providers who have access to patient records. It details how the ePHI will be maintained and managed.

In addition to the fine, PSMC is required to implement a corrective action plan.

Business Associate Agreement Failure

Does your business have a plan to protect patient information after an employee or contractor is terminated? What do your Business Associate Agreements look like?

Don’t become a HIPAA Horror Story! HIPAA compliance is easy when you know the rules.

Copyright © 2020 ET&C Group LLC.
