Small healthcare provider pays huge security fine after the theft of an unencrypted laptop

Reblogged from RISC Consulting:

Click to visit the original postIf you think your organization is too small to attract the attention of the U.S. Department of Health and Human Services, think twice.
The department recently settled a security dispute with a hospice in Idaho for $50,000. The potential violation of the Security Rule of the Health Insurance Portability and Accountability Act of 1996 involved a data breach of health information affecting 441 patients.

Read more… 448 more wo

RISC Management and Consulting

If you think your organization is too small to attract the attention of the U.S. Department of Health and Human Services, think twice.
The department recently settled a security dispute with a hospice in Idaho for $50,000. The potential violation of the Security Rule of the Health Insurance Portability and Accountability Act of 1996 involved a data breach of health information affecting 441 patients.

Mobile devices collage
The Hospice of North Idaho agreed to pay $50,000 to settle potential violations after an unencrypted laptop computer containing the electronic protected health information of the patients had been stolen in June 2010.
Field workers for the hospice use laptops containing patient information as a regular component of their workflow. In an investigation by the Department of Human Services’ Office for Civil Rights, it was revealed the hospice had not conducted a risk analysis to safeguard the electronic patient information and didn’t have policies or procedures…

View original post 361 more words

Advertisements