On April 21, 2017, Lifespan Corp., the health systems moms and dad business and company partner, reported a staff members unencrypted laptop had actually been taken. The laptop consisted of protected health information such as client names, medical records and group details.
There were 20,431 people impacted by the breach.
The Office for Civil Rights performed an investigation and found the health system had systemic noncompliance with HIPAA rules, consisting of failure to encrypt electronic protected health information as well as a lack of device and media controls. The health system also didnt have a service associate agreement with Lifespan Corp.
Life-span will undergo a restorative action strategy and be kept an eye on for two years as part of the settlement.
More posts on cybersecurity: University of Utah Health reports information breach impacting 10,000 patientsCVS Pharmacy loses 21,289 clients details after vandalismNorth Carolina medical clinic to pay $25K settlement over several HIPAA infractions
Providence, R.I.-based Lifespan will settle a possible HIPAA offense associated to a taken laptop computer for just over $1 million, according to an HHS press release.
© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.