A dermatology practice in Massachusetts has agreed to a $150,000 settlement with HHS for not having procedures in place to fulfill HIPAA's breach notification provisions.
The HHS Office for Civil Rights began investigating Adult & Pediatric Dermatology in Concord, Mass., after receiving a report of a stolen thumb drive containing the protected health information of 2,200 people. The OCR found the practice did not conduct a thorough investigation of the theft in accordance with HIPAA rules and did not comply with the HIPAA Breach Notification Rule.
This case marks HHS' first settlement with a HIPAA-covered entity for not having proper breach procedures and policies in place.
More Articles on Data Breaches:
Computer Stolen From Inspira Medical Center Vineland
9 Recent Healthcare Data Breaches
Subcontractor Exposes Patient Information From Fairfax County Community Health Care