As the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) continues to crack down on HIPAA violations, more and more fines are being handed down. The recent settlement between Lahey Hospital and Medical Center and HHS is another example of the financial consequences of HIPAA violations.
The incident occurred on August 11, 2011, and involved a laptop stolen from the hospital. This laptop accompanied Lahey’s CT scanner and, more importantly, contained sensitive medical information of 599 individuals. After an in-depth investigation, the OCR deemed that Lahey did not take the necessary precautionary measures to prevent this violation. The amount that Lahey Hospital and HHS settled upon was $850,000.
In addition to the fines, Lahey must provide the OCR with a comprehensive risk analysis, an accompanying risk management plan, and evidence to show that it is tracking and meeting these compliance requirements.