Health Care Reform Resource Center
33 Davis Brown Attorneys Selected for The Best Lawyers in America 2014
Davis Brown Attorneys Named Among Best in the U.S.
Immigration Client Resource Center
Voted Des Moines' Best Law Firm

Davis Brown Health Law Blog  



Health Law: Hospice pays $50,000 for Failing to Conduct HIPAA Security Risk Assessment; Inadequate Security Policies - February 11, 2013

A small non-profit hospice in Idaho agreed to pay $50,000 to settle allegations that it violated the HIPAA security regulations.  The allegations stemmed from a report made to HHS by the hospice after a laptop containing protected health information of 441 patients was stolen.  The information on the laptop was not encrypted making the loss of the laptop a reportable breach.  After investigating the breach, OCR fined the hospice for failing to have a risk assessment as required by the HIPAA security regulations and policies and procedures addressing mobile device security.    The settlement is a lesson to all providers, large and small, that failing to implement and update HIPAA security policies and procedures can have significant repercussions.  Providers should routinely conduct security risk assessments and update their HIPAA security policies and procedures  as needed to ensure they adequately address identified risks.