[ Wednesday, January 02, 2013 ]
Jeff [4:10 PM]
First Data Breach Fine for a "Small" Breach: HHS has fined Hospice of North Idaho $50,000 for a data breach involving the theft of a laptop containing unencrypted PHI of 441 patients. Turns out the hospice operator hadn't done a risk analysis.
A couple of take-aways. First, even small breaches will attract attention, and HHS isn't afraid to fine someone just because they're a small operator or because their breach was small. Second, lost devices are, and will continue to be, the biggest area of HIPAA data breaches. Third, the power and value of encryption continue to be evident; encryption would have prevented this data breach.
UPDATE: "A new educational initiative, Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information, has been launched by OCR and the HHS Office of the National Coordinator for Health Information Technology (ONC) that offers health care providers and organizations practical tips on ways to protect their patients’ protected health information when using mobile devices such as laptops, tablets, and smart phones. For more information, tips, and steps on protecting and securing health information when using a mobile device visit www.HealthIT.gov/mobiledevices."