Losing a Laptop can cost you $2 Million dollars. Why?
The laptop had health information on it.
“Two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules. These major enforcement actions underscore the significant risk to the security of patient information posed by unencrypted laptop computers and other mobile devices.” Article.
The settlements underscore the importance of properly protecting devices with electronic PHI.
As an example, the following detail the facts of each case:
1. Concentra Health Services reported that an unencrypted laptop was stolen. The investigation revealed that Concentra had previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI) was a critical risk. While steps were taken to begin encryption, Concentra’s efforts were incomplete and inconsistent over time leaving patient information vulnerable.
Concentra has agreed to pay OCR $1,725,220 to settle potential violation.
2. In February 2012, a report was received from QCA Health Plan, Inc. of Arkansas reporting that an unencrypted laptop computer containing the health information of 148 individuals was stolen from an employee’s car. While QCA encrypted their devices following discovery of the breach, they failed to comply the HIPAA Privacy and Security Rules.
QCA agreed to a $250,000 settlement
HIPAA obligations are not new. Healthcare providers should be up to date on the requirements. Moreover, healthcare providers should be encrypting their devices to protect against a potential breach.
If you or your entity needs assistance with the intricacies of protecting and safeguarding health information, please do not hesitate to contact our office – we can help. For assistance CLICK HERE.
Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.