The breach at the Hospice of North Idaho was listed on Dec. 31 as a new example on the enforcement activities and results section of the HHS website. The $50,000 settlement in the case, involved the theft of an unencrypted laptop computer from the non-profit Hospice. The  laptop which was assigned to a Hospice nurse and part of an inventory of laptops used by nurses, was stolen from the employee’s car in June 2010. The stolen laptop contained protected health information of 441 individuals. That included patient names, addresses, dates of birth, Social Security numbers, diagnoses, medications, lab results and other treatment information.

This case just reiterates the reality that a HIPPA violations can cost you significantly more than a mere legal penalty. You can end up paying substantial remediation costs and administrative fines regardless of the number of individuals affected. The OCR investigation concluded that the Hospice had not conducted a risk analysis to safeguard electronic protected health information. HIPPA Security Rule requires policies and procedures to address mobile device security. In case any employee fails to comply with the security and privacy policies and procedures, the healthcare  organization must , promptly investigate the matter and notify HHS within 30 days, offering a description of actions taken to mitigate harm.

Industry experts are of the opinion that this incident yet again reinforces the need for organizations to improve their HIPAA compliance efforts. While it is evident that OCR is ramping up HIPAA enforcement, healthcare entities also need to understand that preventing a breach would most certainly cost significantly lesser than paying a penalty and taking corrective action after the breach has occurred, paying a settlement and losing the reputation of the organization.

There is a need to be fully compliant with HIPAA rules at any given point in time. Investing in a solution like SecureGRC, can help take care of all the security requirements with its in-built HIPAA compliance framework, that helps organizations to combat any security challenge.

The post Irrespective of business size, Pay Huge Penalities for HIPAA Non Compliance appeared first on Aegify.