U.S Department of Health and Human Services

As discussed Friday on the Hunton Privacy and Information Security Blog, the U.S. Department of Health and Human Services has imposed a non-appealable $3.2 million fine on Children’s Medical Center of Dallas due to breaches of HIPPA-protected information.  The breaches allegedly occurred in 2009 (when an employee lost an unencrypted Blackberry containing electronic protected health information (ePHI) for 3,800 individuals); 2010 (when a medical resident lost an “iPod device” synced to a hospital email account, compromising the ePHI of at least 22 individuals); and 2013 (when an unencrypted laptop, which contained ePHI for 2,462 individuals was stolen from the hospital).  The government’s investigation allegedly led Children’s Hospital to admit additional thefts of devices containing ePHI in 2008 and 2009.
Continue Reading Failure To Encrypt Costs Hospital $3.2M, And May Threaten Cyber Coverage