September 24, 2020

Volume X, Number 268

September 23, 2020

Subscribe to Latest Legal News and Analysis

September 22, 2020

Subscribe to Latest Legal News and Analysis

September 21, 2020

Subscribe to Latest Legal News and Analysis

Stolen Laptops Lead to $2M in HIPAA Settlements - Health Insurance Portability and Accountability Act

Recently, the Office of Civil Rights (OCR) levied nearly $2,000,000 in fines on two organizations in an effort to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) stemming from the theft of unencrypted laptops. Specifically, OCR fined provider organization Concentra Health Services $1,725,220 after an unencrypted laptop was stolen from one of its facilities, and fined Arkansas insurer QCA Health Plan Inc. $250,000 after an unencrypted laptop containing personal health information for 148 people was stolen from an employee's car.

These enforcement actions serve as a reminder of the significant risks unencrypted laptop computers and mobile devices pose to the security and integrity of sensitive patient information and underscore the need for all entities to encrypt their laptops and other devices. In response to these two incidents, Susan McAndrew, OCR’s deputy director of health information privacy, explained “our message to these organizations is simple: encryption is your best defense against these incidents.”

Accordingly, it is clear from these settlements that covered entities and business associates understand that encryption is an obligation and, consequently, respond appropriately to ensure they are HIPAA compliant or face heavy penalties.

© 2020 BARNES & THORNBURG LLPNational Law Review, Volume IV, Number 119


About this Author

The Barnes & Thornburg Healthcare Department regularly represents physicians, medical groups, managed care organizations, hospitals, nursing homes, and national healthcare-related associations located around the country. Given our healthcare practice, we understand the unique commercial and regulatory environment in which healthcare organizations operate. Our attorneys bring their problem-solving and consensus-building skills to listen carefully to the goals of their clients and recommend practical solutions.