A U.S. city will pay the Department of Health and Human Services’ Office for Civil Rights $202,400 for non-compliance. New Haven, Connecticut, didn’t deny access and left confidential health information available to a former employee. The Office for Civil Rights initiated the investigation of the incident in 2017 as soon as the city notified the office. New Haven is to adopt an action plan the part of which is a two-year monitoring to settle the case under HIPAA.

The dismissed employee returned one week after being fired during a trial period. She opened the door with her key, logged in and took all the needed data using a USB flash drive. She also collected paper documents before leaving her former office. The stolen files contained the medical records of about 500 patients. Names, addresses, dates of birth, race/ethnicity and gender were among the leaked details of the individuals who made tests to sexually transmitted diseases.

Moreover, she shared her access rights with an intern who could read and use PHI with the employee’s login credentials. Like this the intern could access the network after the staffer’s dismissal.

New Haven is said to have failed to conduct sufficient and adequate risk management and disregarded staff termination procedures.

Learn more about employee monitoring