top banner 2

  The Security Universe at Your Fingertips:
     Attend iSecurity, Thursday, June 13, 2013, 10:00 am - 4:00 pm ETwww.isecuritytradeshow.com

Most Popular Stories

LA Police Sued Over License Plate-Reading Camera Data

Brawl on Everest Prompts Security Vow

How Boston’s Hotels Maintained Security after the Marathon Bombings

Security 500 Returns West for Cyber Security, GSOC Discussions

Getting Smart about Smartphone Security

Most Emailed Stories

Database Security Best Practices

Evaluating the Role of Security Officers Today

10 Ways to Prevent Workplace Violence Escalation

Boardroom Trends Go Viral

Got GSOC?

Recent Discussions

- Boston Bombings Reveal Holes in Event, Stadium Security

Mgr. - How Will Big Data Change Security?

Mgr - Brightening the Night with Day/Night Cameras

- 10 Ways Military Veterans are Ideal for Physical Security Sector

frjosephanton.co.uk - Top U.S. Airport for Confiscated Guns?

Print & Digital Edition Subscriptions

Security eNewsletter & Other eNews Alerts

Online Registration

Subscription Customer Service

Home » Stolen Laptop Leads to HIPAA Violation and $1.5 Million Fine
Data Should Have Been Encrypted

Stolen Laptop Leads to HIPAA Violation and $1.5 Million Fine

Mandate Includes Better Security

September 24, 2012
One Comment
KEYWORDS laptop theft / hospital security / hospital security assessment / regulations
 / Print / Reprints /
ShareMore
/ Text Size+
Larger Smaller
[X]

Related Articles

Report says healthcare industry continues to overlook critical gaps in data security

State of Alaska Fined $1.7 Million for Security Breach

Why Healthcare Records Are a Hacker’s Holy Grail

How Dumpsters Cause Data Breaches

67,000 Phones Likely to Be Lost or Stolen During Olympics

Password Proliferation Alleviated

Related Products

Securing SCADA Systems

Physical and Logical Security Convergence

Related Events

Cloud Security Alliance CCSK Training (May 22, 2012)

Cloud Security Alliance CCSK Training (May 02, 2012)

Massachusetts Eye and Ear Infirmary, a Boston hospital, agreed to pay $1.5 million to the U.S. Department of Health and Human Services September 17, settling a HIPAA violation stemming from a 2010 incident. Two years ago, while a doctor was traveling abroad, his unencrypted laptop containing information on roughly 3,500 patients, including patient prescriptions and other clinical information was stolen.

According to an alert then, the laptop contained no billing data but did contain patients’ names, addresses, telephone numbers, emails, and other identifiable information. While it was never confirmed any patients had their information breached, the hospital informed HHS of the incident and an investigation was initiated. The investigation found the hospital failed to comply with six areas of HIPAA between October 2009 and June 2010. MEEI failed to implement security measures sufficient to ensure the confidentiality of electronic protected health information and conduct a thorough analysis of the risk to the confidentiality of electronic protected health information maintained on portable devices, among other steps, said a press release obtained by Security magazine Blog.

Besides the fine, the hospital and its security operation must also follow a new Corrective Action Plan that outlines steps to ensure it complies with HIPAA, perform risk assessment, and train its staff. It must also submit to semi-annual audits for 3 years.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Mgr.

Michal Hrican
October 8, 2012
the main approach to keep any security rules and protect their clients is to be more carefull and implement rules which are neseccary for smoth velocity of the company. this case can show us that the security executives in reported hospital was almost none. the staff were donig what they want and didnt care. they didnt think that someone can be stolen.that the clients are in danger.that somebody can misuse their very sencitive information and take an advantage. the first rule is not take any unsecure information out of firm.

Multimedia

Videos

Image Galleries

Looking Ahead in 2013

Looking Ahead in 2013

Podcasts

Changing the Perception of Security in Healthcare

In this Security exclusive, Gail Lenehan, President of the Emergency Nurses Association, and Bryan Warren, President of the International Association for Healthcare Security & Safety, discuss the reputation security has in the healthcare industry and its effect on workplace violence.

Listen
More Podcasts

THE MAGAZINE

Security Magazine

2013 May SEC

2013 May

This month in Security, discover how security can span the globe with our special feature on Securing the Global Enterprise. Also, determine how to do business in conflict zones, learn the top 11 errors in emergency planning, get smart about smartphones and study the consequences of performing temporary security for temporary employees.

Table Of Contents Subscribe

Situational Awareness

What is your level of certainty that your video network is performing all the time, meaning cameras are working and video is being recorded and is available for playback?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube logo 40px 2-12-13  LinkedIn logo 40px 2-12-13