In April of 2017, the U.S. Department of Health and Human Services announced a HIPAA settlement based on the impermissible disclosure of unsecured ePHI. CardioNet, a Pennsylvania-based wireless health services provider, agreed to settle potential non-compliance with the HIPAA Privacy and Security Rules by paying $2.5 million and implementing a corrective action plan. This settlement is the first involving this type of provider: CardioNet is a supplier and developer of an integrated technology and service that enables heartbeat-by-heartbeat ECG monitoring, analysis and response for patients with cardiac arrhythmia.

Early in 2012, CardioNet informed the HHS Office for Civil Rights (OCR) that an employee’s parked vehicle had been burglarized and a laptop containing 1,391 ePHI records had been stolen. OCR’s investigation found that CardioNet had the following issues at the time of the theft:

  • inadequate risk management processes;
  • insufficient risk analysis;
  • policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented;
  • an absence of final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices.

“Mobile devices in the health care sector remain particularly vulnerable to theft and loss,” said Roger Severino, OCR Director. “Failure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk. This disregard for security can result in a serious breach, which affects each individual whose information is left unprotected.”

HHS has gathered tips and information to help protect and secure health information when using mobile devices: https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security

Is your organization using mobile devices? Does your business have adequate protection and security?

Give us a call at 201-493-1414 x 301 or submit a request for a complimentary consultation, today. Let’s start a conversation about improving your IT solutions.

 
