A small hospice in North Idaho will have $50,000 less in its annual budget after a HIPAA violation fine was levied against it for an incident dating back to 2010.
In what is being hailed as the first-ever HIPAA breach settlement involving fewer than 500 patients, the Hospice of North Idaho (HONI) will have to pay the Department of Health and Human Services (HHS) $50,000 stemming from the June 2010 theft of a laptop containing 441 patient records.
In a Healthcare IT article, Erin McCann reported that the HHS Office for Civil Rights conducted a thorough investigation and found that HONI had not conducted an adequate risk analysis to safeguard patient health records.
We are almost certain that this sort of judgment passed on a relatively small HIPAA violation will send a message to small healthcare clinics and practices about the importance of safeguarding confidential material and electronic patient records.
Recently, an Indiana-based healthcare facility had 29,000 records compromised in the theft of another unencrypted laptop. Securing patient records is not a difficult task to undertake when you have the skills of a healthcare- or security-minded IT consulting company looking after your practice or healthcare organization.
In the Idaho example, HONI did not have policies and procedures in place to address mobile device security as required by the HIPAA security regulations. Since the compromise, HONI has taken steps to improve its HIPAA privacy and security compliance program. These after-action steps are sure to have influenced the final penalty.
Brenda Wild, President at HONI, said in McCann’s article that they take this incident seriously and have taken measures to ensure the security and privacy of patient information meets HIPAA standards.
The best time to ensure you meet HIPAA standards is well before an incident occurs. HONI will have its name mentioned numerous times online, and the $50,000 fine is a small penalty compared to the hit to its reputation and to the confidence of those it serves.
We would like to help you by ensuring you have all the requirements of HIPAA met. Contact us immediately to book a no-obligation review of your security and compliance standards and to discuss what you need to do to prevent this from happening to you.