The theft of a laptop computer belonging to healthcare providers Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (MEEI) has resulted in a settlement of $1.5 million with the HHS Office for Civil Rights for HIPAA violations.
The U.S. Department of Health and Human Services enforces Health Insurance Portability and Accountability Act compliance, and MEEI was deemed to have violated the Security Rule by failing to take precautions to protect the health information of its patients and research subjects.
The laptop contained unencrypted data which could be accessed by whoever was in possession of the device. The data included patient prescription details and clinical information that could potentially be used to commit fraud. Under the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification Rule, the HHS must be notified of security breaches involving the exposure of patients' PHI. When MEEI issued the notification, it triggered the OCR investigation.
The OCR conducted a full compliance audit and determined there were a number of areas where MEEI had failed to implement the necessary protection and security controls as required by the Security Rule. MEEI had not conducted a thorough risk analysis concerning portable devices used to store ePHI. It had failed to identify the security risk these devices posed and had not taken steps to secure the data the devices contained and restrict unauthorized access.
Risk management issues existed, and there was an inadequate monitoring system to identify data breaches. MEEI will be required to develop its policies and procedures in this regard and to document procedures that enable breach notifications to be issued in a timely manner. The OCR determined there to have been an organizational disregard of the HIPAA Security Rule at MEEI.
In addition to the heavy fine, a corrective action plan (CAP) must be followed to address all HIPAA compliance issues. In a statement issued by the OCR, Director Leon Rodriguez stated: “This enforcement action emphasizes that compliance with the HIPAA Privacy and Security Rules must be prioritized by management and implemented throughout an organization, from top to bottom.”