Smallest Data Breach Penalty Yet

The Department of Health and Human Services Office for Civil Rights reached its first settlement for a breach of patient information involving less than five hundred individuals. The Hospice of North Idaho has agreed to pay a $50k penalty to resolve allegations that it violated the HIPAA Security Rule when an unencrypted laptop was stolen with information on 441 patients. The settlement agreement is here. The penalty does not include the related public relations, investigation, legal or notification costs.

Almost all health care providers are required to report loss of identifiable patient information to HHS, contact us to discuss the specific requirements and risks.

Health Centers are being pressed with increasing financial risk at a time when margins are being squeezed ever tighter. Contact us today to discuss ways to broaden your current insurance coverage to address these growing concerns.