Massachusetts Provider Enters into a $1.5 Million Settlement with HHS for HIPAA Violations
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Incorporated (MEEI) settled with the Department of Health and Human Services (HHS) for $1.5 million over alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. MEEI notified HHS’ Office for Civil Rights (OCR) that an unencrypted personal laptop containing the electronic protected health information (ePHI) of MEEI patients and research subjects was stolen. Following the notification, OCR found that the organization failed to assess the risk to the confidentiality of ePHI on portable devices. Further, MEEI did not establish adequate security measures or policies to identify, report, and respond to security incidents.
According to HHS, MEEI has agreed to comply with a three-year corrective action plan that involves reviewing, revising, and maintaining HIPAA policies and procedures. MEEI’s compliance with the corrective action plan will be monitored and reviewed by an independent monitor.
The HHS press release is available at: http://www.hhs.gov/news/press/2012pres/09/20120917a.html.
Department of Health and Human Services. “Massachusetts Provider Settles HIPAA case for $1.5 Million.” News Release. 17 Sep. 2012.