According to an article on JD Supra Business Advisor, “two companies were hit with fines equaling a total of almost $2 million to settle alleged Health Insurance Portability and Accountability Act (HIPAA) violations involving stolen, unencrypted laptops, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced on Tuesday.”
One of the entities, Concentra Health Services (Concentra) failed to remedy previously identified security issues, writes Kimberly J. Gold. They agreed to pay a $1.75 million file and adopt a corrective plan. The other, QCA Health Plan, Inc. (QCA), reported a breach related to a stolen, unencrypted laptop containing personal health information of almost 150 individuals.
Some takeaways:
- Entities that fail to encrypt laptops and other devices are at risk of paying large OCR fines, as well as possible state violations.
- Self-reported breaches do lead to investigations and penalties.
- Ongoing risk assessments are critical for HIPAA compliance, but so is acting on risk assessment findings.
- Encryption may be perceived as expensive and/or cumbersome, but it is much cheaper than a seven figure fine.
“As we previously urged: “encrypt, encrypt, and encrypt again.”
Lastly, it is a good idea to make sure you have the best broadband deal. My friend told me about how that he saved so much money by changing providers. If you’re interested in a getting a great deal as well, click here.
The post No More Excuses: Encrypt Your Laptops or Pay Big Bucks appeared first on Medical Practice Trends.
