Boston hospital settles HIPAA violations for $100,000
Beth Israel Deaconess Medical Center (BIDMC) has been hit with a $100,000 fine for HIPAA violations after one of its physicians failed to follow the hospital's laptop encryption policy and the unencrypted laptop was stolen.
Although the laptop, which contained the protected health information of nearly 4,000 BIDMC patients and employees, was not hospital issued, the hospital knew the physician was using the laptop.
Adding to the problem is that the Boston hospital did not notify patients of the data breach until three months after the May 2012 theft, while HIPAA regulations require covered entities to notify those affected no more than 60 days after a breach is discovered.
BIDMC's $100,000 settlement includes a $70,000 civil penalty, $15,000 in attorney fees and associated costs, and a $15,000 payment to educational programs related to protecting personal health information.
"The healthcare industry's increased reliance on technology makes it more important than ever that providers ensure patients' personal information and protected health information is secure," Massachusetts Attorney General Martha Coakley said in a statement about the case. "To prevent breaches like this from happening, hospitals must put in place and enforce reasonable technological and physical security measures."