[firm] blog logo

Two Covered Entities Settle Potential Violations of HIPAA Privacy and Security Rules For Approximately $2 Million

The U.S. Department of Health and Human Services (?Ç£HHS?Ç¥) recently announced resolution agreements (?Ç£RAs?Ç¥) with two covered entities, a health care provider and an insurer, under HIPAA?ÇÖs privacy and security rules (the ?Ç£Rules?Ç¥), requiring combined payments of approximately $2 million to settle potential violations of the Rules.?á Both RAs stemmed from investigations conducted by HHS as a result of breach notifications the covered entities submitted to report the thefts of laptop computers containing unencrypted electronic protected health information (?Ç£ePHI?Ç¥).?á Apart from the settlement payments, the RAs impose two-year corrective action plans, including the performance of risk analysis, implementation of risk management plans and training, and periodic follow up activities with HHS. Although failure to encrypt ePHI is not a per se violation of the Rules, the HHS news release regarding the RAs underscores HHS?ÇÖ view that unencrypted laptops and other mobile devices pose significant risks to the security of ePHI,… Continue Reading

May 2014
S M T W T F S
 123
45678910
11121314151617
18192021222324
25262728293031

Archives