Lahey Clinic Hospital just got a $850,000 HIPAA fine for a lost unencrypted laptop!
"At this point, it is not a good strategy to test OCR’s patience. As discussed above and from other recent settlements, losing or having an unencrypted laptop or mobile device stolen is a sure way to pay money to OCR.
Additionally, the Lahey settlement is another example of needing to consider different forms of equipment and exposure points. While a laptop is a known issue, a laptop in connection with a CT scanner or other medical equipment may not be an obvious vulnerability. Some organizations may assume that a manufacturer will guarantee security compliance. This may not be an accurate assumption and all such devices need to be included in a risk analysis. To some degree, this settlement offers a warning similar to what occurred a few years ago when PHI was found in a leased photocopier. Be comprehensive and all-encompassing when conducting a risk analysis.
There are many threats to healthcare organizations and it will be impossible to prevent all of them. However, with a solid plan in place and proactive monitoring, it is possible to reduce risks."
Protect your data from HIPAA breaches, contact us today to get a free 2 hour support visit!