Unencrypted Laptop with Patient Data
According to HHS and news reports, a laptop with protected health information (PHI) of about 3,600 patients was stolen from a physician with the Massachusetts Eye and Ear Infirmary (MEEI) in February 2010. The information on the laptop included patient prescriptions and clinical information.
HIPAA Breach Reported to HHS
Because the potential breach affected more than 500 patients, MEEI was required to notify the Department of Health and Human Services (HHS), which it did.
HHS conducted an investigation and found that MEEI failed to take necessary steps to comply with certain requirements of the Security Rule. It also found that these failures extended over a long period of time, "demonstrating a long-term, organizational disregard for the requirements of the Security Rule."
$1.5M Settlement for Potential HIPAA Breach
MEEI has agreed to pay HHS $1.5 million to settle the potential violations of the HIPAA Security Rule. It has also agreed to take corrective action to improve policies and procedures that will safeguard the privacy and security of its patients’ protected health information.