Thumb Drive Costs Practice $150,000 for HIPAA Violations

January 20, 2014 – In The News
Medical Practice Compliance Alert

Michael Kline and Elizabeth Litten were quoted in the Medical Practice Compliance Alert article “Thumb Drive Costs Practice $150,000 for HIPAA Violations.” While the full text can be found in the January 20, 2014, Medical Practice Compliance Alert, a synopsis is noted below.

Practices may want to revisit their compliance with HIPAA after one practice recently agreed to pay $150,000 and enter into a corrective action plan for HIPAA violations stemming from the theft of an unencrypted thumb drive in 2011.

According to the HHS announcement, this is the first HIPAA breach settlement with an entity because it lacked policies and procedures to address HIPAA’s breach-notification provisions.

The practice took until February 2012 to correct security deficiencies and train employees in HIPAA compliance, even after being notified in November 2011 that an investigation into the theft was being started.

“You don’t wait. HHS wants you to act. If it says it’s investigating, turn up the notch,” said Elizabeth Litten.

“It’s not a question of ‘if’ but ‘when’ you will have a breach," cautions Michael Kline.