In 2013, West Georgia Ambulance filed a data breach notice. The company indicated that around 500 individuals may have had their information exposed after an unencrypted laptop was lost.
An OCR investigation found that West Georgia Ambulance had a longstanding of noncompliance with HIPAA. The ambulance provider failed to conduct risk analysis, provide a security awareness and training program and implement HIPAA policies and procedures.
Along with $65,000 settlement, West Georgia Ambulance agreed to undertake a corrective action plan, which includes two years of monitoring.
“The last thing patients being wheeled into the back of an ambulance should have to worry about is the privacy and security of their medical information,” said OCR Director Roger Severino. “All providers, large and small, need to take their HIPAA obligations seriously.”
More articles on cybersecurity:
Florida clinic to pay $85K for violating HIPAA records access rule
Wyoming hospitals hit by cyberattacks almost daily, state hospital association says
4 things to know about Zeppelin, a ransomware targeting healthcare organizations
