In less than three years, around 60,500 "smaller" healthcare data breaches—each affecting the records of fewer than 500 individuals—occurred across the country, and the federal government is setting its sights on providers implicated in these incidents.
HHS' Office for Civil Rights has reached a $50,000 settlement agreement with Hospice of North Idaho, based in Hayden, a suburb of Coeur D'Alene, pertaining to the hospice's 2010 loss of a laptop computer that contained the records of 441 patients. The Civil Rights Office described the settlement as the first stemming from a Health Insurance Portability and Accountability Act security-rule violation for a breach affecting fewer than 500 individuals.
"This action sends a strong message to the healthcare industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information," said Leon Rodriguez, director of the Civil Rights Office, in a news release. "Encryption is an easy method for making lost information unusable, unreadable and undecipherable."