Labs In Court

Rhode Island Health System Fined +$1 Million for Failure to Encrypt Laptops

Case: The trouble began when Lifespan Corporation, the parent company of a Rhode Island-based non-profit health system filed a breach report after a laptop containing medical record numbers, medication and other electronic protected health information (ePHI) on more than 20,000 individuals was stolen from one of its hospital employees. HHS Office for Civil Rights (OCR) officials called in to investigate uncovered a slew of systemic HIPAA Rules violations at Lifespan, including not only widespread failure to encrypt ePHI on laptops but also a lack of device and media controls. In addition to a $1,040,000 fine, Lifespan had to sign a corrective action plan that included two years of monitoring.

Significance: Laptops, cellphones and mobile devices are stolen every day. That’s why it’s so critical to ensure that those devices are encrypted so that thieves can’t use the ePHI they contain to commit identity theft. While these might seem like obvious points, the Lifespan case is a reminder that systemic breakdowns remain all too common at large healthcare entities and how costly to patients and providers alike they can be when they occur.

CLOSE TO VIEW ARTICLE x

You have 2 articles left to view this month.

Your 3 Free Articles Per Month Goes Very Quickly!
Get a 3 month Premium Membership to
one of our G2 Newsletters today!

Click on one of the Newsletters below to sign up now and get unlimited access to all articles, archives, and tools for that specific newsletter!

Close

EMAIL ADDRESS


PASSWORD
EMAIL ADDRESS

FIRST NAME

LAST NAME

TITLE

COMPANY

PHONE

Try Premium Membership

(-00000g2)