A settlement was reached January 2, 2013 between the U.S. Department of Health and Human Services (HHS) and the Hospice of North Idaho (HONI). HHS scrutiny began when a report was made by HONI that an unencrypted laptop computer containing electronic protected health information (ePHI) for 441 patients was stolen in 2010. HONI agreed to pay the $50,000 settlement when the HHS investigation determined that HONI had not conducted a risk analysis to safeguard the ePHI. HONI also failed to have in place policies and procedures to address mobile device security required by the Security Rule regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).