Health Law: Hospice pays $50,000 for Failing to Conduct HIPAA Security Risk Assessment; Inadequate Security Policies

more+
less-

A small non-profit hospice in Idaho agreed to pay $50,000 to settle allegations that it violated the HIPAA security regulations. The allegations stemmed from a report made to HHS by the hospice after a laptop containing protected health information of 441 patients was stolen. The information on the laptop was not encrypted making the loss of the laptop a reportable breach. After investigating the breach, OCR fined the hospice for failing to have a risk assessment as required by the HIPAA security regulations and policies and procedures addressing mobile device security. The settlement is a lesson to all providers, large and small, that failing to implement and update HIPAA security policies and procedures can have significant repercussions. Providers should routinely conduct security risk assessments and update their HIPAA security policies and procedures  as needed to ensure they adequately address identified risks.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Brown Law Firm | Attorney Advertising

Written by:

more+
less-

Davis Brown Law Firm on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×