File this story under “HIPAA Horrors.”
A radiation oncology group in Indiana has agreed to pay $750,000 to settle potential HIPAA violations, says HHS. The problem started with a laptop bag stolen from a practice employee’s car three years ago. The laptop itself did not contain ePHI, but the stolen laptop bag also contained a backup device housing names, Social Security numbers, insurance information and other details for 55,000 patients.
So it was an accident, right? Why the huge fine? Back when the laptop was stolen, the practice hadn’t done a HIPAA risk analysis and didn’t have a privacy compliance policy that warned employees not to take devices containing ePHI out of the facility.
Feeling like a HIPAA risk assessment is long overdue at your health care organization? Go here to start solving the problem.
More HIPAA Help via this on-demand webinar: