[firm] blog logo

$4.3 Million in Civil Monetary Penalties Awarded for Encryption Failures under HIPAA

An administrative law judge for HHS upheld an award of $4.3 million in civil monetary penalties (the ?Ç£Penalties?Ç¥) against a Texas-based healthcare provider for violations of the HIPAA privacy and security rules (the ?Ç£HIPAA Rules?Ç¥). The provider is a ?Ç£covered entity?Ç¥ under HIPAA (?Ç£CE?Ç¥), and the Penalties are the fourth largest ever awarded to the Office of Civil Rights (?Ç£OCR?Ç¥), the HHS agency that enforces the HIPAA Rules, by an administrative law judge or secured via a settlement for HIPAA violations. The Penalties stemmed from an OCR investigation of the CE in response to three separate HIPAA breach reports the CE filed with OCR during 2012 and 2013 involving the theft of an unencrypted laptop computer and the loss of two unencrypted thumb drives, which resulted in the impermissible disclosure of electronic protected health information (?Ç£EPHI?Ç¥) of over 33,500 individuals. OCR?ÇÖs investigation found that, although the CE had written encryption… Continue Reading

June 2018
S M T W T F S
 12
3456789
10111213141516
17181920212223
24252627282930

Archives