News Stay informed about the latest enterprise technology news and product updates.

Hospital fined $850,000 for ePHI breach

A stolen laptop can be worth more than $800,000. At least that was the case with a laptop taken from Lahey Clinic Hospital, Inc. in 2011. The HHS Office for Civil Rights (OCR) recently ruled that Lahey — based in Burlington, Mass. — must pay an $850,000 fine for violations of the HIPAA Privacy and Security Rules, stemming from the loss of that laptop.

The stolen laptop was used in association with a computerized tomography (CT) scanner and held the electronic protected health information (ePHI) of nearly 600 patients. Lahey reported the breach to OCR, prompting an inspection of Lahey’s security practices. The OCR probe returned six primary infractions, including the improper disclosure of ePHI, failure to assign procedures to the movement of devices containing ePHI in and out of the facility and a deficiency in “physical safeguards for a workstation that accesses ePHI to restrict access to authorized users.”

On top of paying the fine, Lahey entered into an agreement with HHS to prove it has taken steps to avoid future breaches. The corrective plan mandates that Lahey execute a risk analysis of its entire organization and document any security and ePHI vulnerabilities. Lahey must give the resulting risk analysis report and a separate risk management proposal to HHS for review.

While OCR watches over hospitals, the Office of the Inspector General (OIG) is monitoring OCR. The OIG — another HHS office that handles ePHI matters — has the topic in its plans for the 2016 fiscal year. The OIG said it will assess OCR’s enforcement of ePHI security next year and determine if it is sufficient. Specifically, OIG will check that OCR is conducting regular audits of HIPAA covered entities and business associates to confirm those entities are compliant with HIPAA and the HITECH Act. The Food and Drug Administration (FDA) will also be in the OIG’s crosshairs in 2016, when OIG promises to evaluate how well the FDA is overseeing medical devices and the security of their interactions with ePHI.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Which are better: Web apps or native apps?
Web apps are a good alternative for many situations, but when you need to work disconected, and want to use the full power of your device, native apps are definitelly superior.
Can anyone elaborate about source code protection when developing with HTML5 or JavaScript !!!
The issue of whether to go for native apps or web apps should be determined by the functionality of that app.
same, same. hardware specific integration.
easy to access
b'coz i'm a native app developer
This is a good development.
i raise hand in native apps
native apps as wrappers to web apps for accessing device features
I would say native apps but in an environment (read low-income village somewhere) where not everyone has access the latest smartphones etc but can find an internet café in the neighbourhood, HTML5 is great