Loss of Unencrypted Laptop Leads to $65,000 HIPAA Settlement

By Compliance Dashboard

on January 10, 2020

Share:

The last major settlement of 2019 regarding violations of the Health Insurance Portability and Accountability Act (HIPAA) may not have been the largest penalty of the year; but it nonetheless demonstrates the importance of compliance with HIPAA.

On December 30, 2019, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced its settlement with West Georgia Ambulance, Inc. (West Georgia) for potential violations of HIPAA.

After an unencrypted laptop fell off the back bumper of the company’s ambulance, West Georgia submitted a breach report with the OCR. The laptop contained the electronic protected health information (ePHI) of 500 individuals. The OCR’s investigation found the company had continuing non-compliance with the HIPAA Privacy and Security Rules because it failed to:

Conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities of the ePHI the company held;
Implement a HIPAA security training program and to provide this training to its employees; and
Implement policies and procedures required by the HIPAA.

West Georgia agreed to pay $65,000 and adopt a 2-year corrective action plan (CAP) for future potential violations of HIPAA. The CAP includes some of the following remedial measures:

Conduct and complete a risk analysis and develop a complete inventory of all electronic equipment;
Install HIPAA compliant encryption software on all its computers;
Submit proposed training materials to HHS for review and approval, and upon approval by HHS, provide such training to all workforce members; and
Adopt and implement written policies and procedures to comply with HIPAA.

Now more than ever, those subject to HIPAA (Covered Entities (CEs)) must continue to comply with these obligations to avoid costly outcomes. ComplianceDashboard offers tools to help CEs navigate through the strict requirements of HIPAA.

The information and content contained in this blog post are for general informational purposes only, and does not, and is not intended to, constitute legal advice.

More From the Blog

View all

From Chaos to Clarity: Your Open Enrollment Game Plan

Every year, open enrollment brings new rules, new deadlines, and new headaches—but this year, you can be ahead of the game. This isn’t another boring compliance lecture. We’re breaking down plan document mysteries and open enrollment chaos into actionable steps you can actually implement without needing a law degree.

A Timeline of the AHP Final Rule and Recent Litigation

On June 21, 2018, the Department of Labor (“DOL”) published an Association Health Plan Final Rule (“AHP Final Rule” or “Final Rule”) expanding the definition of “employer” under ERISA Section 3(5) for purposes of determining…

DOL Releases Second Guidance on Recent AHP Litigation

In response to the recent litigation surrounding association health plans (“AHPs”), the Department of Labor (“DOL”) released its second guidance on May 13, 2019, regarding the United States District Court for the District of Columbia’s…

Products

Products by Name

Solutions by Role

Solutions by Need

Solutions by Industry

About

Resources

Terms of Use Privacy Policy

2025 State of Workplace Empathy Report

Schedule a 20-minute demo