Seattle-based Providence Health & Services has agreed to pay $100,000 and take corrective action under an agreement with HHS that resolves potential violations of the Health Insurance Portability and Accountability Act arising when unencrypted patient data on tapes, discs and laptop computers were lost or stolen.
The breaches together compromised the protection of more than 386,000 patients of the 25-hospital system, according to a news release from HHS. The vast majority of those were lost in a single incident in which backup files of 365,000 Oregon and Washington home-health patients went missing along with a computer bag stolen from an employees minivan in December 2005.
The HHS release praises Providence for its cooperation with the CMS and Office of Civil Rights during the investigation and willingness to make systemic changes. Meanwhile, the system has reinforced security protocols and added new data protection measures since the incidents, Providence spokesman Thomas Johnson said. We dont want anyone to think we sat and waited the two years it took to go through this process, Johnson said. We were already in compliance with many of the elements included in the agreement by the time we reached it. -- by Gregg Blesch
What do you think? Post a comment on this article and share your opinion with other readers. Submit your comments to Modern Healthcare Online at [email protected]. Please be sure to include your hometown and state, along with your organization and title.