Provisioning Workforce Access to Electronic Protected Health Information

In December 2018, Pagosa Springs Medical Center settled potential Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations and entered into a corrective action plan with the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services. The incident involved a former employee who continued to have remote access to Pagosa Springs Medical Centers web-based scheduling calendar for two months after the employees termination, which resulted in 557 individuals electronic protected health information...