Skip to content

Physician Law Blog

We provide insights and analysis for physicians, nurses, chiropractors, dentists, physical therapists and other health professionals on issues impacting their practices.

Physician Law Blog
June 22, 2018

Sidestepping Encryption? Better Be Ready To Pay Millions for HIPAA Violations

Earlier this week, the University of Texas MD Anderson Cancer Center was ordered to pay a staggering $4,348,000.00 in order to resolve HIPAA violations from data breaches occurring in 2011, 2012, and 2013.The extremity of the penalties is explained by the fact that the data breaches were completely preventable. Generally, covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA) are required to ensure confidentiality, integrity, and availability of all electronic protected health information (ePHI) that is created, received, maintained, or transmitted, and protect that information from reasonably anticipated threats and impermissible uses.

Physician Law Blog
April 23, 2014

HIPAA Update - OCR Takes Unencrypted Laptops Seriously

OCR issued an update regarding two important HIPAA settlements involving theft of unencrypted laptops. The first involved Concentra Health Systems report of a breach that an unencrypted laptop was stolen from the Springfield Missouri Physical Therapy Center. After concluding that Concentra had previously recognized its lack of encryption in multiple risk analyses, its efforts to protect patient PHI remained vulnerable due to incomplete and inconsistent encryption. As a result, Concentra agreed to pay OCR $1,725,220 to settle the violations and will be implementing a corrective action plan to remediate the findings.