[ Thursday, January 02, 2014 ]
Interesting NJ Case: An employee of Omnicell, a vendor of pharmacy management computing services (and a business associate) of a slew of hospitals, had a laptop stolen. The laptop contained names and PHI of a bunch of patients of the hospitals. The laptop was password protected, but not encrypted. I
blogged about the breach about a year ago.
One of the patients filed a class action lawsuit against Omnicell and the slew of hospitals. But the
federal court threw them out, because they could not prove damages. I did not hear of a settlement with OCR, so that's still potentially out there. To some extent, this case proves that the administrative fines are likely to be worse than the potential legal claims of victims, since it's so hard to show damages for a HIPAA breach.
Jeff [6:35 PM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template