The Oklahoma Department of Health Services discovered a data breach. While management was notifying patients of the breach, it found another data breach. Now, more than 18 months later, when the breach rule was passed, the OCR was informed. The OCR instructed the Oklahoma department to re-notify patients of the new breach in accordance with the HIPAA rules and requirements.
The data breach occurred when an unauthorized individual gained access to a computer belonging to the department. The research shows that the computer contained the information of the clients and even of all the patients of the hospital. The compromised data contained patients' names, dates of birth, addresses and SSNs.
After identifying the data breach, the college improved the security of its computers to guard against future threats. Management also implemented new checks to monitor for data breaches. Management reported the breach to the HHS office in May, while the patients were notified in August 2016. However, management did not send any breach notification to the HHS Office for Civil Rights.
Now, the cost of re-notifying the 47,000 patients has been recovered by the Oklahoma Department of Human Services. They violated the HIPAA rules and did not notify the patients. For this, they need to pay for the HIPAA rules violation. At the start of the year, the OCR sent a notification to all healthcare institutions that the HIPAA breach rules must not be violated and that the entity will have to bear a fine of $475,000 for the delays in notifying the patients.