HIPAA Horror Stories

The Texas-Sized Breach

When it comes to the HIPAA Security Rule, even State Agencies aren’t exempt.

A Texas health agency failed to follow Health Insurance Portability and Accountability Act (HIPAA) rules, leading to a $1.6 million penalty.

HIPAA Security Rule Breach Caused By Information Technology Mistake

In 2015, the Department of Aging and Disability Services (DADS), a division of the Texas Health and Human Services Commission, reported a HIPAA Security Rule breach in its digital information system.

A misconfigured server compromised the electronic protected health information (ePHI) of over 6,000 physically and mentally disabled patients.

The Office for Civil Rights, the federal agency responsible for investigating HIPAA violations, announced the action against TX HHSC on November 7, 2019.

The HIPAA Security Rule

The HIPAA Security Rule is a federal law that ensures Covered Entities and Business Associates protect patient health data from unauthorized access.

The HIPAA Security Rule breach made the records easily searchable on the internet.

“Covered entities need to know who can access protected health information in their custody at all times,” said OCR Director Roger Severino. “No one should have to worry about their private health information being discoverable through a Google search.”

–Roger Severino, Office for Civil Rights Director

HIPAA Security Rule Violations Signal Other Problems

As usual, when the OCR launched an investigation into the HIPAA Security Rule breach, it found more problems.

DADS, it was discovered, failed to conduct an enterprise-wide Risk Analysis.

DADS also failed to provide access and audit controls on its information systems and applications, as required by the HIPAA Security Rule.

Details of the case can be found at the Federal Health and Human Services website.

How would your agency fare in an OCR Audit? What would you do if you discovered a HIPAA Security Breach at your organization? Are you performing regular HIPAA Risk Analyses?

If your answers are less-than-comforting, we’re here to help.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy when you know the rules.

Copyright © 2020 ET&C Group LLC.
