What is happening with HIPAA breaches and fines? The Hospice of North Idaho (HONI) has greed to pay the US Department of Health and Human Services (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This is the first settlement involving a breach of unprotected electronic protected health information (EPHI) affecting fewer than 500 individuals.
The investigation conducted by the HHS Office for Civil Rights (OCR) followed a breach report submitted by HONI as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act reporting the theft of a laptop computer containing the electronic protected health information (EPHI) of 441 patients. Over the course of the investigation, OCR discovered that HONI had not conducted a risk analysis to safeguard EPHI. Further, HONI did not have in place policies or procedures to address mobile device security as required by the HIPAA Security Rule.
Don’t leave yourself vulnerable. Get compliant….stay compliant.