Covered Entity Fined $150,000 For Stolen Unencrypted Thumb Drive


HHS recently announced that it fined a dermatology practice $150,000 for failing to reasonably safeguard an unencrypted thumb drive and failing to conduct an accurate and thorough risk analysis of electronic PHI. Additionally, the resolution agreement stated the dermatology practice failed to fully comply with HITECH’s requirement to have written policies and procedures for breach notification. The fine stems from an unencrypted thumb drive which contained electronic PHI of approximately 2200 patients. It was stolen from an employee’s unattended vehicle and never recovered. This is another reminder to covered entities and business associates that you must conduct a risk assessment of electronic PHI and document your findings and resolutions.

Additionally, while encryption is not required by the HIPAA Security Rule, recent HHS enforcement activity suggests an expectation by HHS that electronic PHI be encrypted. Covered entities and business associates that are not using encryption should be prepared to demonstrate other safeguards they have implemented as an alternative to encryption and document these alternatives in their risk assessments and written policies and procedures. Had the thumb drive in this case been encrypted, no breach would have occurred and the dermatology practice would have avoided the HHS investigation. A copy of the resolution agreement is available here.

Topics:  Covered Entities, Encryption, Fines, HHS, HIPAA, HITECH

Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Brown Law Firm | Attorney Advertising
