HIPAA Blog

[ Wednesday, January 02, 2013 ]

First Data Breach Fine for a "Small" Breach: HHS has fined Hospice of North Idaho $50,000 for a data breach involving the theft of a laptop containing unencrypted PHI of 441 patients. Turns out the hospice operator hadn't done a risk analysis.

A couple of take-aways. First, even small breaches will attract attention, and HHS isn't afraid to fine someone just because they're a small operator or because their breach was small. Second, lost devices are, and will continue to be, the biggest area of HIPAA data breaches. Third, the power and value of encryption continue to be evident; encryption would have prevented this data breach.

UPDATE: "A new educational initiative, Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information, has been launched by OCR and the HHS Office of the National Coordinator for Health Information Technology (ONC) that offers health care providers and organizations practical tips on ways to protect their patients’ protected health information when using mobile devices such as laptops, tablets, and smart phones. For more information, tips, and steps on protecting and securing health information when using a mobile device visit www.HealthIT.gov/mobiledevices."

Jeff [4:10 PM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template