$1.55 Million HIPAA Fine for Stolen Laptop

April 15, 2016

The HIPAA violation occurred when a thief stole a laptop from a locked vehicle owned by a contractor. Although the laptop was password protected, it contained individually identifiable personal health information (PHI) of 9,497 individuals. From the public record, there is no indication that any of the personal health information was breached. However, the employer, North Memorial Health Care of Minnesota, failed to have a business associate agreement with the contractor’s employer. The contractor, Accretive Health Inc., had access to North Memorial’s hospital database, which stored the electronic PHI (ePHI) of 289,904 patients, and there was no business associate agreement in place. Furthermore, North Memorial failed to complete a risk analysis of the potential security vulnerabilities for the ePHI it maintained. Once again, this huge fine assessed by the Department of Health and Human Services underscores the importance of having business associate agreements with all third-party vendors and performing adequate risk assessments.


© 2019 by Ledbetter Parisi LLC.