[ Tuesday, April 25, 2017 ]
"First Ever HIPAA Settlement with a Wireless Health Service!"
Jeff [2:24 PM]
Feh. This is just
an unencrypted laptop theft by someone without a good Risk Analysis story to tell.
CardioNet provides remote monitoring of patients with severe arrhythmia. An employee had her laptop stolen from her car. It had PHI of about 1400 patients on it, and was not encrypted. Fail.
CardioNet had done some form of risk analysis, and had some risk management policies and procedures drafted up, but never finalized them. Also, they couldn't produce final policies and procedures for any safeguards. Fail again.
Net result: $2.5 million. That's real money, folks.
That being said, "wireless" is a red herring. They could've been a brick and mortar business and still lost an unencrypted laptop. Being a wireless company is just coincidence.
Blogger: HIPAA Blog - Edit your Template