New York and Presbyterian Hospital have agreed to a $3.3 million fine for a PHI breach following an investigation by the Office of Civil Rights in the Department of Health and Human Services.  Details of the case are here.

Some of the details and the amount of the fine are troubling for healthcare providers:

a. NYP impermissibly disclosed the ePHI of 6,800 patients to Google and other Internet search engines when a computer server that had access to NYP ePHI information systems was errantly reconfigured

b. NYP failed to conduct an accurate and thorough risk analysis that incorporates all IT equipment, applications, and data systems utilizing ePHI.

c. NYP failed to implement processes for assessing and monitoring all IT equipment, applications, and data systems that were linked to NYP patient data bases prior to the breach incident, and failed to implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI to a reasonable and appropriate level.

RingRx, The Phone System for Doctors, keeps you compliant in one of the areas you may not be thinking about:  Your phone system.  Other cloud PBX systems are not compliant and you are exposed to PHI breaches and HIPAA violations.