$1.5M Settlement for Data Breach

The Department of Health and Human Services (HHS) has announced it will collect $1.5 million from the Massachusetts Eye and Ear Infirmary (MEEI) to settle HIPAA violation allegations. The HHS’ Office of Civil Rights (OCR) started an investigation into the MEEI and its affiliated physician group Massachusetts Eye and Ear Associates in February 2010, after an unencrypted laptop computer was reported stolen.

The MEEI laptop contained Protected Health Information (PHI), including clinical and prescription information, for over 3600 patients and research subjects.  The OCR investigation found that MEEI had failed to comply with certain requirements of the HIPAA Security Rule, such as conducting a security risk analysis of storing PHI on portable devices, implementing security measures sufficient to ensure data confidentiality on such devices, restricting access to confidential data to authorized users of such devices, and implementing policies and procedures to address data breach identification, reporting, and responses. As part of the settlement, MEEI will pay $1.5 million in three annual installments through October 2014; the organization will also adopt a corrective action plan, which will be assessed by an independent monitor over the same three-year period.

Sensitive patient information must be secured and backed up safely.  For information on reliable, automatic data backups, server failover options, and managed IT services, please contact Microwize Technology today.