Skip to content

Physician Law Blog

We provide insights and analysis for physicians, nurses, chiropractors, dentists, physical therapists and other health professionals on issues impacting their practices.

Physician Law Blog
October 14, 2015

HIPAA News - $750,000 Settlement Following Stolen Laptop

Ever wonder if the Office of Civil Rights (“OCR”) is serious about the requirements for a HIPAA Security risk analysis and policy specific to removing hardware and electronic media containing ePHI from a covered entity’s facility? Yes, the OCR is extremely serious about those requirements as Cancer Care Group, P.C. (“Cancer Care”), a radiation oncology private practice, with 13 radiation oncologists discovered after reporting a breach of ePHI.

Physician Law Blog
April 23, 2014

HIPAA Update - OCR Takes Unencrypted Laptops Seriously

OCR issued an update regarding two important HIPAA settlements involving theft of unencrypted laptops. The first involved Concentra Health Systems report of a breach that an unencrypted laptop was stolen from the Springfield Missouri Physical Therapy Center. After concluding that Concentra had previously recognized its lack of encryption in multiple risk analyses, its efforts to protect patient PHI remained vulnerable due to incomplete and inconsistent encryption. As a result, Concentra agreed to pay OCR $1,725,220 to settle the violations and will be implementing a corrective action plan to remediate the findings.

Physician Law Blog
March 9, 2014

Another HIPAA Breach -  Encryption Matters

The Department of Health and Human Services' Office for Civil Rights, the division responsible for investigating HIPAA breaches, has said repeatedly encryption is one of the most basic things providers and business associates can implement to protect patient information. "Pay attention to encryption," said Susan McAndrew, deputy director for health information privacy at OCR, speaking at HIMSS14 this past month, particularly for any devices that can leave the office. "We're interested in protecting the data. You may be interested in protecting the property. We want to turn this into property losses as opposed to data losses."