Unencrypted laptop costs healthcare system $1M+ in fines

The largest health system in the smallest state has agreed to pay $1,040,000 to HHS’s Office for Civil Rights (OCR).

The settlement requires five-hospital Lifespan Health Services to pay the amount and take corrective actions for failing to meet HIPAA rules on data encryption.

The potential for a significant breach was discovered after the health system reported an employee’s laptop had been stolen.

With the filched portable computer in unknown hands, more than 20,000 patients are at risk of theft involving their unencrypted names, medical record numbers, demographic information and medication lists, according to a July 27 announcement from HHS.

In the announcement, OCR director Roger Severino points out that laptops, smartphones and tablet computers go missing every day.

“[T]hat’s the hard reality,” he adds. “Covered entities can best protect their patients’ data by encrypting mobile devices to thwart identity thieves.”   

Lifespan’s member hospitals include 719-bed Rhode Island Hospital in Providence and its adjacent pediatric facility, Hasbro Children’s Hospital.

According to coverage by GovInfoSecurity, the Lifespan settlement is OCR’s third such deal this year and by far the largest. At the same time, the office is behind the pace it set last year, when it announced 13 HIPAA enforcement actions totaling about $15.3 million. Among these was a $3 million settlement with the University of Rochester Medical Center in upstate New York.

Dave Pearson

Dave P. has worked in journalism, marketing and public relations for more than 30 years, frequently concentrating on hospitals, healthcare technology and Catholic communications. He has also specialized in fundraising communications, ghostwriting for CEOs of local, national and global charities, nonprofits and foundations.

Around the web

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Trimed Popup
Trimed Popup