News and Insights
Visit regularly for up-to-date information on relevant news, firm announcements and additions to our AZ Health Law Blog.
First HIPAA Breach Settlement Involving Fewer Than 500 Patients Announced
The Office for Civil Rights entered into a $50,000 settlement with Hospice of North Idaho (“HONI”) relating to violations of HIPAA. This settlement, which stemmed from a breach of electronic protected health information (ePHI), has resulted in the first settlement for a violation involving fewer than 500 patients.
The HITECH amendments created an obligation that practices must report certain breaches of “unsecured protected health information” to the government. For breaches involving fewer than 500 individuals, the practice may report the violations in an annual report.
The investigation into HONI stemmed from a breach report submitted by HONI following the theft of a laptop computer that contained ePHI of 441 patients. During the investigation, the OCR found that HONI had no policies or procedures for protecting ePHI on mobile devices as required by HIPAA, nor had HONI conducted a risk analysis to safeguard this information. The OCR stated that “[t]his action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.”
Practices should ensure their policies and procedures are current and adapted to the practice’s methods of communicating about patients.
For more information, visit HHS’s Press Release.