http://www.healthcareitnews.com/news/oncology-group-slapped-750k-hipaa-fine
By Erin McCann
Managing Editor
Healthcare IT News
September 2, 2015
Healthcare security folks, listen up: Failing to encrypt portable devices
and laptops containing patient data could result in a serious HIPAA fine,
as one Indiana-based health group can now attest to.
Cancer Care Group, a large radiation oncology practice in Indianapolis, is
reevaluating its privacy and security practices after it was slapped with
a $750,000 HIPAA settlement from the Department of Health and Human
Services. It agreed to pay the sum to settle alleged HIPAA violations
involving a breach that occurred three years ago.
Back in August 2012, Cancer Care reported a HIPAA security breach to the
Office for Civil Rights, after an unencrypted server backup media and
laptop was stolen from an employee's car. Officials discovered the device
contained the protected health information, Social Security numbers and
insurance data for some 55,000 patients.
Following an investigation launched by the Office for Civil Rights, the
HHS division responsible for investigating HIPAA compliance, it was
discovered that even before the breach Cancer Care was in "widespread
non-compliance with the HIPAA Security Rule," HHS said in a Sept. 2
statement.
[...]