Health Information Management

Connecticut hospital and BA pay $90,000 fine for HIPAA violation

HIM-HIPAA Insider, November 16, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Hartford Hospital, Hartford, Conn., and EMC Corporation agreed to pay a $90,000 fine to the state of Connecticut for HIPAA violations dating back to 2012. On June 25, 2012, an unencrypted laptop containing PHI was stolen from the home of an employee of EMC, a contractor hired by Hartford Hospital to analyze patient data as part of a quality improvement project. The theft was reported to the police that day and, on June 26, 2012, to the hospital. After being notified of the theft, the hospital determined that it had never entered into a business associate agreement (BAA) with EMC.

Hartford Hospital since engaged in a number of steps to correct its oversight and ensure that all employees are thoroughly trained in HIPAA compliance, according to a statement released by George Jepsen, Connecticut attorney general. The hospital increased mandatory compliance training and all business managers must undergo further training on their specific HIPAA obligations and BAA requirements. The hospital developed BAA flowcharts for business managers and a contract checklist and questionnaire for its IT department.

Hartford Hospital also agreed to submit a report to the state attorney general’s office in one year detailing corrective actions taken and continued, according to the terms of their assurance of voluntary compliance.

In addition to the fine, EMC agreed to maintain adequate policies for the protection and encryption of PHI stored on laptops and other portable devices and to provide HIPAA training for all employees who handle PHI.

Hartford Hospital states that there is no evidence the PHI stored on the stolen laptop has been misused, although the laptop has not been recovered. The hospital offered AllClear ID credit monitoring services and identity theft insurance to affected patients.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular