HIPAA violation costs hospital nearly $1 million

Lahey Clinic in Burlington, Massachusetts will pay $850,000 to the U.S. Department of Health and Human Services Office for Civil Rights to settle a HIPAA violation. The hospital also agreed to adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program.

In 2011, a laptop containing the protected health information of nearly 600 patients was stolen from an unlocked treatment room. The laptop accompanied a portable CT scanner. “It is essential that covered entities apply appropriate protections to workstations associated with medical devices such as diagnostic or laboratory equipment,” said Office for Civil Rights Director Jocelyn Samuels. “Because these workstations often contain ePHI [electronic protected health information] and are highly portable, such ePHI must be considered during an entity’s risk analysis, and entities must ensure that necessary safeguards that conform to HIPAA’s standards are in place.”

Source: Department of Health and Human Services