In our last post, we discovered that since 2012, the average HIPAA fine for a stolen unencrypted laptop was an astounding $881,305. In this post, we'll take a look at two instances in which stolen thumb drives (USB drives) led to costly HIPAA fines. We’ll also discuss why a stolen thumb drive can incur such heavy penalties.
On 26 December 2013, a HIPAA entity in Massachusetts agreed to pay a $150,000 fine to settle HIPAA violations due to a stolen thumb drive. The unencrypted thumb drive contained the electronic protected health information (ePHI) of over 2,000 people. It was stolen from the car of one of its employees and was never found.
On 26 June 2012, the Alaska Department of Health and Social Services agreed to pay a $1,700,000 fine to settle HIPAA violations due to the theft of a USB hard drive (thumb drive). In this case, the stolen USB drive was also unencrypted and was stolen from a car.
As with the stolen laptops in our previous post, the large HIPAA fines for stolen thumb drives were again due to the drives being unencrypted. The data shows that since 2012, a single stolen thumb drive has cost an average of $925,000 in HIPAA fines. In our opinion, thumb drives should be eliminated from the workplace of HIPAA entities.
Here's why:
Thumb Drives can and should be replaced by HIPAA Compliant File Sharing Services
We built Paubox based on customer feedback. Part of that feedback involved developing a central, secure, HIPAA compliant service for file sharing, storage and messaging. We determined the best way to deliver that solution was not by building thumb drives or portable hard drives. It was instead by developing, from the ground up, a compliant, high encryption (256-bit) solution using cloud technology. In a nutshell, we believe HIPAA compliant cloud services like Paubox will become the standard for HIPAA compliance within and outside the workplace.