HIPAA HITECH Data Breach Costs Small Business Associate $300,000

I was in a recent discussion about hacking in healthcare and had to use the old Pogo line "We have seen the enemy and he is us".  While we are worrying about Russian mobsters hacking our systems, employees are blithely carrying around unencrypted patient data on their laptops.  Compliance 101 would tell people that this is a bad habit.  More data has been breached by business associates than by covered entities, and most of it has to do with lost or stolen hardware, be it backup tapes, laptops, or servers.

A few thousand dollars invested in compliance training and encryption would have saved this business associate $300,000, not to mention the incalculable damage to their reputation.  The story was in Healthcareinfosecurity.com Forum.

The Massachusetts eHealth Collaborative, a non-profit consultancy that experienced a health information breach, learned eight important lessons from the experience, says CEO Micky Tripathi.

Tripathi spelled out in a recent blog the details of the organization's breach, which involved the theft of an unencrypted laptop from an employee's car. The breach, which affected about 1,000 patients of the collaborative's physician group practice clients, cost almost $300,000 to resolve.

