Monday, September 24, 2012
In 2010, a doctor's computer containing unencrypted patient data was stolen from Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI). The Department of Health and Human Services Office for Civil Rights (OCR) investigated the incident after the hospital released a data breach report. The investigation found that MEEI failed to take necessary steps to protect patients' information from unauthorized users.
Recently, the hospital agreed to pay $1.5 million to the federal government to settle allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to properly protect patients' protected health information. The hospital commented that it was disappointed by the size of this settlement, as no patients were harmed in this data breach. However, in addition to the settlement, MEEI also agreed to a corrective action plan under which it will review and revise its policies to comply with the requirements of the HIPAA Security Rule.
An incident like this could happen to attorneys if any of their portable devices were stolen. One lesson attorneys should take from this event is to exercise extra caution in protecting confidential information.
See Kendra Casey Plank, Massachusetts Hospital Agrees to Pay $1.5M to Settle HIPAA Violation Allegations, Bloomberg BNA, Sept. 19, 2012.
Special thanks to Brian Cohan (Attorney at Law, Law Offices of Brian J. Cohan, P.C.) for bringing this blog to my attention.