Beth Israel Deaconess Medical Center has agreed to pay $100,000 and strengthen its data security policies to settle a state health information data breach complaint involving the medical and personal records of nearly 4,000 individuals exposed by the theft of an unencrypted laptop computer.
The settlement of the civil suit, which came in the form of a consent judgment approved last month in Suffolk County Superior Court, was negotiated between the Boston hospital and Massachusetts Attorney General Martha Coakley.
The hospital agreed to pay a $70,000 civil penalty, $15,000 for attorney's fees and cost, and contribute $15,000 to a fund run by the attorney general's office for education about data privacy and security.
The breach occurred in May 2012 after someone entered a Beth Israel Deaconess physician's unlocked office and took a laptop, which was not issued by the hospital but had been used regularly by the physician for hospital business “with BIDMC's knowledge and authorization,” according to a news release from Coakley.