in HIPAA Headlines by John Brewer

Health insurance company Health Net has just been fined $55,000 by the state of Vermont over the insurer’s loss of a portable disk drive that exposed the protected health information (PHI) of 1.5 million people, including 525 Vermont residents.

The HITECH Act, the legislation mostly remembered for giving physicians reimbursement money for buying and installing an EHR, also gives state attorneys general HIPAA enforcement authority.

How should you protect your business, yourself and your patients from this kind of mistake?

  1. Don’t use portable storage devices to store PHI in your practice (yes, this includes laptops)…
  2. If you must use a portable storage device, make sure you encrypt it.
  3. Train your staff on HIPAA regulations regularly; annual HIPAA awareness training is a requirement…
  4. Have a company computer policy clarifying which of the above 2 items your practice deems appropriate.

Most PHI data breaches are simple to fix. As the health community gets pushed into the electronic age, there continues to be a steep learning curve…but it really is not that difficult.

As more state attorneys general see HIPAA compliance fines as a source of revenue…things will start to get real ugly.
