Physician Practice

Physician practice agrees to $750,000 HIPAA settlement and Corrective Action Plan after laptop stolen from employee's car

Physician Practice Insider, September 8, 2015

Cancer Care Group, P.C., an Indiana-based radiation oncology private physician practice, has agreed to a settlement with the HHS Office for Civil Rights (OCR) after a potential HIPAA violation in the form of a stolen laptop, according to a September 2 HHS press release. In addition to a $750,000 fine, Cancer Care must put in place a robust Corrective Action Plan to address previous insufficiencies identified in its existing compliance program.

The potential breach dates to August 2012, when OCR was alerted to the fact that a laptop bag was stolen from the car of a practice employee. The laptop contained unsecured electronic protected health information in the form of current and former patient names, addresses, dates of birth, Social Security numbers, and insurance and clinical information. Approximately 55,000 people were affected.

An investigation by the OCR uncovered “widespread non-compliance with the HIPAA Security Rule,” according to the press release. The full Resolution Agreement and Corrective Action Plan can be found on the OCR website.

 

Most Popular