St. Joseph Health in Irvine, Calif., will pay more than $2 million to settle allegations that its 14 hospitals and a host of other healthcare operations left personally identifiable records of 31,800 people exposed on a new computer server.
The government alleges St. Joseph failed to evaluate the server’s impact on the security of its IT systems. That left records exposed from Feb. 1, 2011, until Feb. 13, 2012. The latest HIPAA settlement is the Obama administration’s 12th this year. That’s a record number in any year since an HHS agency began to report enforcement actions against violators of HIPAA in 2008.