The Seattle Times reports that Washington's Skagit County has agreed to pay $215,000 and to undergo ongoing monitoring as part of a resolution agreement with the U.S. Department of Health and Human Services (HHS) following a 2011 breach that exposed protected health information (PHI) (h/t Modern Healthcare).
In September 2011, Skagit County discovered that receipts containing PHI had been mistakenly moved to a public Web server that was indexed by Google.
The receipts, which were for services provided between January 2011 and September 2011, included almost 1,600 patients' names, descriptions of services, and costs and dates of those services.
The county only became aware of the breach when a patient called to tell them she had found the information online.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Skagit County understands the importance of safeguarding our patients’ personal information and takes this responsibility very seriously," Skagit County privacy officer Donnie LaPlante said in a statement. "We regret that this incident occurred, and are committed to preventing any future occurrences."