[ Wednesday, January 10, 2018 ]


Charles River Medical Associates (Massachusetts): This radiology group lost a hard drive containing the bone density scan PHI of almost 10,000 people.  Where'd it go?  Who knows.  Will the data fall into the wrong hands (and if it did, would it harm anyone)?  Unlikely.  Will CRMA get fined?  Maybe (especially if, "upon further review," it becomes clear that the group didn't have good HIPAA policies and procedures and didn't do a good risk analysis).  Would we even know about this if the drive had been encrypted?  Nope.

Folks, encrypt data at risk.  Is it required?  No.  Then why should you do it?  To save yourself a report and a fine, not to mention better protecting your patients' data.  Aren't you here to serve them? 

Am I asking too many questions?

Jeff [9:11 AM]

