Hospice Pays HHS $50K for PHI Breach Affecting Less Than 500

A settlement was reached January 2, 2013 between the U.S. Department of Health and Human Services (HHS) and the Hospice of North Idaho (HONI).  HHS scrutiny began when a report was made by HONI that an unencrypted laptop computer containing electronic protected health information (ePHI) for 441 patients was stolen in 2010.  HONI agreed to pay the $50,000 settlement when the HHS investigation determined that HONI had not conducted a risk analysis to safeguard the ePHI.  HONI also failed to have in place policies and procedures to address mobile device security required by the Security Rule regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

Spotts Fain publications are provided as an educational service and are not meant to be and should not be construed as legal advice. Readers with particular needs on specific issues should retain the services of competent counsel.