Long Term Care & Senior Living Blog

Cedars-Sinai Medical Center in LA reported a stolen employee laptop containing patient protected health information as well as social security numbers and other personal information of at least 500 patients. While the hospital has encryption policies, this laptop lacked encryption after a recent operating system upgrade. The hospital will mail letters this week to potentially affected patients and has notified all relevant regulatory agencies, but the situation underlines the importance of adequately protected patient information.

Adult & Pediatric Dermatology, P.C., of Concord, Mass., (APDerm) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. APDerm will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. APDerm is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).