E-Waste Security


Significant Settlements For HIPAA Breaches

December 22, 2016 by Gary Scott News

TWO LESSONS FROM HIPAA BREACHES

  1. Sign a business associate agreement
  2. Run a comprehensive and accurate risk analysis

Organizations responsible for the security of patient records should take note of two recent investigations and subsequent settlements announced by the Office for Civil Rights (OCR). The agency is tasked with ensuring that covered entities remain in compliance with all HIPAA regulations and that they are actively and appropriately safeguarding patient information. Each case was triggered by the report of a theft of a laptop containing electronic protected health information (e-PHI), and each case involved a failure to uphold compliance standards.

In the first case, the agency assessed a fine of $1.55 million on North Memorial Health Care of Minnesota. The agency received word that an unencrypted, password-protected laptop containing e-PHI on roughly 9,000 patients was stolen from a locked vehicle. The vehicle and laptop did not belong to the hospital, but were the property of a business associate of the hospital, and had been in the care of that associate’s employee. Upon receiving word of the theft, OCR initiated an investigation and found that, although the business associate had been provided with full access to the hospital’s database, North Memorial had not had the company, which performed payment and operations activities on the hospital’s behalf, sign a business associate agreement. In addition to this failure, the investigation revealed that the hospital had also neglected to run a comprehensive and accurate risk analysis as required by HIPAA rules. OCR Director Jocelyn Samuels stated that the hospital had overlooked “two major cornerstones of the HIPAA rules.”

The second settlement that was announced was for an even greater sum. The Feinstein Institute for Medical Research agreed to a $3.9 million settlement and committed to a “substantial” correction plan following discovery of multiple problems with their security management. The problems came to light after a laptop containing e-PHI of roughly 13,000 research participants was stolen from an employee’s car; among them was a lack of appropriate safeguards, policies and procedures designed to prevent this type of breach from taking place. Speaking of the problems discovered at Feinstein, Samuels said, “Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities. For individuals to trust in the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.”

Hospitals, research institutions and other medical providers have an important responsibility with regard to the electronic patient records that they keep in their databases. In order to be in compliance with HIPAA and maintain the trust of their patients, it is essential that they follow all the rules and security guidelines that HIPAA has in place, including conducting security risk assessments, keeping policies and procedures updated, ensuring that employees are properly trained, and following correct procedures for data and hard drive destruction.
