HHS announces HIPAA breach settlement with hospice
AHA News Now
Jan 3, 2013
Hospice of North Idaho has agreed to pay the U.S. Department of Health and Human Services $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act security rule, the agency announced yesterday. The agreement is the first involving a breach of unprotected electronic protected health information affecting fewer than 500 people. HONI reported to HHS that an unencrypted laptop computer containing electronic protected health information for 441 patients had been stolen in June 2010. According to the HHS Office for Civil Rights, the hospice had not conducted a risk analysis to safeguard electronic protected health information, and did not have in place policies or procedures to address mobile device security as required by the HIPAA security rule. The agency said the hospice has taken extensive additional steps to improve its HIPAA privacy and security compliance program since the theft. HHS recently launched www.HealthIT.gov/mobiledevices, a website offering information to help health care providers protect and secure health information when using mobile devices.