HIPAA violations can cost a company both time and money, and fines accumulate the longer a violation persists. Touchstone Medical Imaging, a diagnostic medical imaging services company based in Tennessee, recently agreed to pay $3,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security and Breach Notification Rules. The exposure affected more than 300,000 patients whose protected health information (PHI) was left accessible.
In May 2014, Touchstone was first notified by the Federal Bureau of Investigation (FBI) and OCR that one of its FTP servers was allowing uncontrolled access to patients' PHI. Because the server was reachable without access controls, search engines crawled and indexed the PHI, and it remained visible on the internet even after the server was taken offline; taking a host down does not remove copies that search engines have already cached, which must be requested separately. Touchstone initially denied that any patient information had been exposed. During OCR's investigation, Touchstone eventually acknowledged that the PHI of more than 300,000 patients had been exposed. The exposed data included Social Security numbers, addresses, full names, and birthdates.
Under the corrective action plan, Touchstone must adopt business associate agreements, complete an enterprise-wide risk analysis, and implement comprehensive policies and procedures to comply with the HIPAA Rules.
To avoid fines such as the one above, it is important to ensure that employee and patient information is secured at all times. HIPAA is the United States legislation in place to keep medical information safe.