The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first HIPAA settlement resulting from a hospital’s untimely reporting of a breach of unsecured protected health information (PHI). The breach stemmed from missing paper-based OR schedules containing PHI at Presence Health of Joliet, Illinois. Because the hospital failed to notify the 836 affected individuals and the OCR, Presence Health agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. To read the original announcement, click here.
While this specific case highlights paper-based theft, the risk of a cyber breach is becoming all the more realistic – especially in a world of electronic health record keeping. Past issues of The LINK and The Central Line have exposed readers to the concepts of whale phishing, meatware and medjacking. In light of the incident above, it’s time to start thinking seriously about your protection.
To learn more or to obtain a quote for higher limits of protection against cyber-crime or other exposures that could lead to severe civil fines and penalties, contact Carly Thames, Elatas Risk Partners Account Executive, at 225.906.2062 or firstname.lastname@example.org.