Spencer Fane LLP

HIPAA

$1,040,000 HIPAA Settlement for Stolen Unencrypted Laptop Breach — Why?

The United States Department of Health and Human Services reached an agreement with Lifespan Health System Affiliated Covered Entity (Lifespan ACE) in which Lifespan agreed to pay $1,040,000 and adopt a corrective action plan in the wake of its data breach that exposed over 20,431 patients’ protected health information. The breach occurred when an employee’s unencrypted laptop was stolen. The laptop contained electronic protected health information (ePHI), including patients’ names, medical record numbers, demographic information, and medication information.

Providers Need to Take the “Necessary Steps” for HIPAA Compliance

On February 3, 2016, the U.S. Department of Health and Human Services issued a statement and released the opinion of the Administrative Law Judge, who found in favor of the Office of Civil Rights (“OCR”), determining that a home health agency, Lincare, Inc. (“Lincare”), violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and requiring Lincare to pay $239,800 in civil money penalties. All covered entities should review the opinion and the OCR’s comments and begin taking any and all “necessary steps” to ensure HIPAA compliance and to make certain protected health information is adequately protected.
