CardioNet has agreed to pay HHS $2.5 million for an alleged HIPAA violation, making the company the first wireless health services provider to reach a settlement with HHS.
CardioNet, a provider of cardiac monitoring services, potentially exposed 1,391 patients' electronic protected health information in 2012, when an employee's laptop was stolen. When HHS' Office for Civil Rights investigated, it found that CardioNet had inadequate risk analysis and risk management procedures, which put patients' health information at risk.
Under the terms of the settlement, the Malvern, Pa.-based CardioNet also will follow a corrective action plan that includes giving a risk analysis and risk management plan to HHS for approval.
"Mobile devices in the healthcare sector remain particularly vulnerable to theft and loss," said Roger Severino, director of the Office for Civil Rights, in a statement.
This year, there have been seven data breaches—affecting 52,053 patients—due to the theft of portable electronic devices, including laptops.