Memorial Healthcare System pays $5.5 million to settle HIPAA suit over lack of audit controls

Memorial Healthcare Systems has paid $5.5 million to settle HIPAA violations after the protected health information of 115,143 individuals was accessed by its employees and disclosed to affiliated physician office staff. A former employee’s login credentials were used to access the information on a daily basis without detection for a year. The health system failed to implement proper access controls and regular review of audit logs, making it easier for hackers or insiders to cover their tracks.