Health Law: Hospice pays $50,000 for Failing to Conduct HIPAA Security Risk Assessment; Inadequate Security Policies

Susan Freed
Dentons
Contact
LinkedIn
Facebook
X
Send
Embed

A small non-profit hospice in Idaho agreed to pay $50,000 to settle allegations that it violated the HIPAA security regulations. The allegations stemmed from a report made to HHS by the hospice after a laptop containing protected health information of 441 patients was stolen. The information on the laptop was not encrypted making the loss of the laptop a reportable breach. After investigating the breach, OCR fined the hospice for failing to have a risk assessment as required by the HIPAA security regulations and policies and procedures addressing mobile device security. The settlement is a lesson to all providers, large and small, that failing to implement and update HIPAA security policies and procedures can have significant repercussions. Providers should routinely conduct security risk assessments and update their HIPAA security policies and procedures  as needed to ensure they adequately address identified risks.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Written by:

Dentons
Dentons
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Dentons on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide