New York State attorney general fines Rochester Medical Center for having a non-existent information security training program. An employee of the Medical Center released patient information to her future employer without obtaining the patients' permission. Obviously, this is a huge infraction under the HIPAA Security Rule.
We often talk about implementing an information security program in firms, and although security awareness training is a huge part of that program, the training is often left out. Securing every aspect of your technology does not ensure end-to-end security, because information technology is only 45 percent of information security, if not less in other industries.
A sound information security plan covers employees, IT staff, executives, third parties, and so on. This hospital should review its security program and shore up the weak areas before the fines begin to mount in other areas.
For more information, please contact The Knox Corps!