Magazine article Information Management

HHS Settlement Shows the Risk of Not Understanding HIPAA

Article excerpt

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI).

CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5 million and implementing a corrective action plan. This settlement is the first involving a wireless health services provider, as CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias.

In January 2012, CardioNet reported to the OCR that a workforce member's laptop was stolen from a vehicle outside of the employee's home. The laptop contained the ePHI of 1,391 individuals. OCR's probe into the disclosure revealed that CardioNet had insufficient risk analysis and risk management processes at the time of the theft. …
