Topics
Reimbursement
Hospitals sue HHS over disproportionate share hospital payment
Hospitals sue HHS over DSH hospital payments
Revenue Cycle Management
Hospitals are leveraging AI to improve revenue cycle
Hospitals are leveraging AI to improve revenue cycle
Strategic Planning
Walgreens considering selling all of its VillageMD business
Walgreens considering selling all of its VillageMD business
Capital Finance
Risant Health to invest $1 billion in Cone Health
Risant Health to invest $1 billion in Cone Health
Supply Chain
FDA tells providers to prepare for supply chain disruptions
FDA to providers: Prepare for supply chain disruptions
Accounting & Financial Management
Advocate Health forgives medical debt linked to real estate liens
Advocate Health forgives medical debt linked to real estate liens
Budgeting
Insurers likely to pay $1.1 billion in rebates this fall
Insurers likely to pay $1.1 billion in rebates this fall
Quality and Safety
Free COVID-19 tests are now available
Free COVID-19 tests are now available
Billing and Collections
CMS reports over 12,000 No Surprises Act violations 
CMS reports over 12,000 No Surprises Act violations 
Claims Processing
Johns Hopkins Health Plans announces multi-payer portal
Johns Hopkins Health Plans announces multi-payer portal
Workforce
Feds grant $100 million to grow healthcare workforce
Feds grant $100M to grow healthcare workforce
Operations
Dana-Farber CEO and president to step down
Dana-Farber CEO and president to step down
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Christus Health to see $25 million expansion at Texas hospital
Christus to see $25M expansion at Texas hospital
Compliance & Legal
CVS' Oak Street Health paying $60M over alleged Medicare Advantage kickbacks
CVS' Oak Street paying $60M over alleged MA kickbacks
Policy and Legislation
HHS investing $75 million in rural healthcare infrastructure
HHS investing $75 million in rural healthcare infrastructure
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
ACO REACH changes more negative than positive, says participant
ACO REACH changes not positive, says participant
Acute Care
AHA: Hospitals improve patient safety measures above pre-pandemic levels
AHA: Hospitals improve patient safety measures
Ambulatory Care
Walmart announces closing of clinics and virtual care
Walmart is closing clinics and virtual care
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
Mass General, Tampa General deepen affiliation to advance specialty care
Mass General, Tampa General team on advance specialty care
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Average premiums for Medicare Advantage, Medicare Part D to decrease, CMS says
CMS: MA and Part D premiums to decrease in 2025
Patient Engagement
Patients see narrow networks in ACA marketplace plans, KFF finds
KFF: Patients see narrow networks in ACA marketplace plans
Pharmacy
Novo Nordisk CEO grilled on high prices of Ozempic and Wegovy
Novo Nordisk CEO grilled on high prices of Ozempic and Wegovy
Population Health
Demand for age-friendly care soars as older population grows
Older population creating demand for age-friendly care
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Patients less likely to seek virtual behavioral care when paying out-of-pocket
Patients who pay cost-sharing less likely to seek virtual care
Mergers & Acquisitions
Cardinal Health to acquire Integrated Oncology Network for $1.1B
Cardinal Health to acquire Integrated Oncology Network for $1.1B
View more
Dec 19, 2018 More on Compliance & Legal

Pagosa Springs Medical Center settles with OCR over hospital's failure to terminate former employee's access to PHI

A complaint said a former PSMC employee continued to have remote access to PSMC's web-based scheduling calendar even after separation of employment.

Beth Jones Sanborn, Managing Editor

Pagosa Springs Medical Center has agreed to pay $111,400 to the Office for Civil Rights and will adopt a "substantial" corrective action plan to settle a complaint that alleged HIPAA violations stemming from a former employee that had access to electronic private health information following separation of employment, according to the Department of Health and Human Services.

PSMC is a critical access hospital in Colorado. At the time of OCR's investigation, it provided more than 17,000 hospital and clinic visits annually and employed more than 175 individuals.

The complaint said a former PSMC employee continued to have remote access to PSMC's web-based scheduling calendar even after separation of employment. The calendar contained patients' electronic protected health information (ePHI). An OCR investigation revealed that PSMC "impermissibly disclosed the ePHI of 557 individuals to its former employee and to the web-based scheduling calendar vendor without a HIPAA required business associate agreement in place."

WHY IT MATTERS
Under the two-year corrective action plan, PSMC will update its security management and business associate agreement, policies and procedures, and train its workforce members regarding the same.

THE TREND

While ransomware and malware are top of mind as potential threats to security, many times security risks exist within the walls of a hospital as well. Everything from phishing emails to stolen laptops have given way to breaches or near-misses. Organizations that don't have or don't adhere to procedures to terminate information access privileges upon employee separation can face HIPAA enforcement action. Additionally, organizations would do well to examine vendors relationships and ensure that the needed business associate agreements are in place.

ON THE RECORD
"It's common sense that former employees should immediately lose access to protected patient information upon their separation from employment," said OCR Director Roger Severino. "This case underscores the need for covered entities to always be aware of who has access to their ePHI and who doesn't."

Pagosa Springs Medical Center had not responded to a request for comment at the time of publishing.

Twitter: @BethJSanborn
Email the writer: beth.sanborn@himssmedia.com

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.