Incident Details
Mark Kevin Robison, a former vice president of Commonwealth Health Corporation, was sentenced to probation and ordered to pay restitution for a HIPAA violation involving unauthorized disclosure of patient health information.
Incident
How Did the Breach Happen?
Robison disclosed protected health information of patients to an unauthorized third party under false pretenses between 2014 and 2015 without proper authorization.
What Data has been Compromised?
Protected health information of patients of Commonwealth Health Corporation was compromised, including sensitive medical records and personal details.
Why Did the company's Security Measures Fail?
The company's security measures failed due to lack of proper authorization processes, oversight, and monitoring of data disclosures by high-level executives.
What Immediate Impact Did the Breach Have on the company?
The breach led to legal consequences for the former executive, financial penalties, and potential damage to the company's reputation and trust among patients.
How could this have been prevented?
- Implement strict access controls and authorization processes for data disclosure
- Conduct regular audits and monitoring of data access and sharing activities
- Provide comprehensive training on HIPAA regulations and data security protocols to all employees
What have we learned from this data breach?
- Importance of enforcing strict data access controls and authorization procedures
- Need for continuous monitoring and auditing of data sharing activities
- Significance of educating employees on HIPAA compliance and data security best practices
Summary of Coverage
Former vice president of Commonwealth Health Corporation, Mark Kevin Robison, was sentenced to probation and restitution for willfully disclosing patient health information without authorization, highlighting the critical need for robust data security measures and compliance with HIPAA regulations.