You’ve taken every appropriate step to secure protected health information (PHI) at your medical practice, but have you done the same at home? A Connecticut hospital learned this lesson the hard way after a home robbery led to the possible exposure of 8,000 patients’ PHI.
The case:
A Connecticut hospital hired a subcontractor to work on its computer systems, and one of the subcontractor’s employees left a laptop containing the unencrypted PHI of 8,000 people at home. When the home was robbed, the laptop disappeared, and although the hospital reports that none of the PHI has been used inappropriately, the hospital and subcontractor will pay a combined $90,000 penalty. Both entities must also put privacy practices into place going forward.
The takeaway:
Ensure that all PHI is encrypted, whether it’s on your facility-owned devices, those used by contractors, or even employees’ personal devices if they are taking PHI home with them at night. It’s too risky to simply hope that your devices don’t fall into the wrong hands. HIPAA lawsuits are becoming more and more frequent, and it’s imperative that you stay out of their crosshairs. Attorneys who used to be ambulance chasers have now become breach chasers and could very well have their eyes on you. Stay out of their focus by enacting security and compliance protocols that protect your practice and your patients.