While investigating a data breach in which a portable electronic storage device that may have contained electronic personal health information was stolen from the vehicle of a DHSS employee, HHS found that the department did not have adequate policies and procedures in place to safeguard ePHI. According to the report, evidence suggested that DHSS had not completed a risk analysis, implemented sufficient risk management measures, conducted security training for its workforce members, established device and media controls or addressed device and media encryption.
More Articles on HIPAA Violations:
3 Considerations for Evaluating Data Breach Insurance Policies
5 Steps to Achieving HIPAA Compliance
Phoenix Cardiac Surgery Group Pays $100K in HIPAA Violation Settlement
